digg

Join DiggAbout

Discover and share the best of the web!
Learn more about Digg by taking the tour.

See the original image at junauza.com

10 Best Hacking and Security Software Tools for Linux

junauza.com — Linux is a hacker ’s dream computer operating system. It supports tons of tools and utilities for cracking passwords, scanning network vulnerabilities, and detecting possible intrusions. I have here a collection of 10 of the best hacking and security software tools for Linux.

Bury
show profanity settings
expand all
  • MistaMatt90, on 07/02/2008, -0/+12Why PuTTY? Just install the clients you want, and run them from the terminal.
    • ninja0, on 07/02/2008, -0/+14He changed it to netcat.
    • Chaulis, on 07/03/2008, -0/+10Hell these aren't even really "security tools" they're just network and system administration tools that with knowledge of systems can be used for other things. With the exclusion of nessus.
      • Rijnzael, on 07/03/2008, -1/+7PuTTY also has the added caveat of only being useful for Windows, considering most distros of linux come equipped with clients for PuTTY supported protocols, whereas Vista doesn't even come with a telnet client by default anymore..
    • billbugger, on 07/03/2008, -1/+8It's not even a linux tool, it's windows. Linux has ssh built in.
  • Grjemo, on 07/02/2008, -9/+10While I love the list, it is best not to call Linux a hacker's dream. It is already in a negative light.
    • docfreezzzz, on 07/03/2008, -3/+9I'll second that motion as one who uses Linux for high performance computing. Linux is more that a 'script-kiddie' plaything.
      • burjzyntski, on 07/03/2008, -1/+4than*
        I agree, but I thought your post needed that clarification.
      • docfreezzzz, on 07/09/2008, -0/+1oops... posting at work.... I don't have emacs error checking my posts.... I get fast, sloppy typing when I code for very long. Thanks!
    • hdante, on 07/04/2008, -0/+1Exactly 100% of the software in the article is not linux-only software. Most run in dozens of Unix flavors and many run on Windows too.

  • evanfrey, on 07/03/2008, -8/+7total fail for not mentioning metasploit
    • Eazy~e, on 07/03/2008, -3/+11equal fail for thinking metasploit is a hacker tool. Metasploit is a skiddie tool.
      • evanfrey, on 09/25/2008, -0/+1Your a tool. Metasploit is a framework for creating exploits. Yes it comes with a bunch of built in "hacks", but to truly use the tool you need to know how to create exploits. I will totally recant this statement if you have gotten more then one paragraph into smashing the stack for fun and profit.

        tool
    • naiku, on 07/03/2008, -1/+5metasploit alright if you are writing your own exploits and using the framework to launch.... but typically its for people who think they can break into computers.
    • spxiii, on 07/03/2008, -0/+10For anyone who thinks metasploit is not a hacking tool and that they are too hard to be bothered with anything more than netcat and a diet rockstar energy drink, please actually try breaking into a modern system. It isn't the 1980's and you aren't Kevin Mitnick.
    • sysop073, on 07/04/2008, -1/+2Why is this getting buried? He's right, I'm surprised they didn't mention it too. Sure it's a script kidding tool but that certainly doesn't make it bad; they mentioned nessus, it's the same idea
  • wontstoptalking, on 07/03/2008, -12/+1I found this one program for Windows called Nettools (free). Google it.

    It allows you to do hundreds of things, including launching DOS attacks, a bunch of other illegal things, sending emails and being able to change the sender address (I sent my Mom an email from George Bush), you name it.

    It's pretty much that cheesy $15 "999 games in one!" bundle, but it doesn't suck so much. Besides, DOS attacks are just plain cool.
    • rowjimmy, on 07/03/2008, -0/+11you can spoof the sender address with telnet, or any mail-sending utility (eg sendmail).
      and i'm sure this script-kiddie package has absolutely no malware built into it, huh...
    • specialK16, on 07/03/2008, -0/+3Lol, how old are you?
  • goph, on 07/03/2008, -0/+57Or you could just download and install BackTrack 3 and have all those tools plus a few hundred others already installed
  • digitallysick, on 07/03/2008, -1/+5Great list , sadly i'm not smart enough to use most of these tools. I tried wireshark but i guess i just didn't understand how to use it correctly. I like Nmap to, i have used john the ripper to decode password hash files? or something like that back in the day
    • nytejade, on 07/03/2008, -0/+4To successfully use WireShark you need at least an elementary understanding of basic protocols like HTTP, TCP, and UDP.

      Wikipedia should be just fine. Once you understand the structure of a packet, it becomes clearer.
      • digitallysick, on 07/03/2008, -0/+2So if i understand correctly, with wireshark i should be able to capture packet streams in the network and decode what traffic it is and what is being transmitted? text?
      • admdrew, on 07/03/2008, -0/+1Essentially what wireshark does is capture the raw packet data and parse out that data into something more human-readable. It will show the packet header information with delivery information (source, destination) and can also parse out a number of different protocols (ftp, smtp, http, ntp, etc etc)

        If you have multiple hosts on a network to play with, try messing around with scanning one with nmap or nessus and watching the traffic on the other with tcpdump or wireshark.

        As nytejade said, a better understanding of some internet protocols can be helpful. I'd try starting at the TCP/IP page (even if it may appear a bit daunting):
        http://en.wikipedia.org/wiki/Tcp/ip

        Also, the OSI model is a decent way to visualize how some of this traffic functions:
        http://en.wikipedia.org/wiki/OSI_model
      • admdrew, on 07/03/2008, -0/+1Some basic commands to get you set up to watch traffic on the "target" host:
        First, do an 'ifconfig' to find out the interface name you are using to connect (it will be the interface that the IP of that machine is set to). I'll assume 'eth0' for the examples, and 192.168.100.35 is the 'scanner' and 192.168.100.20 is the 'target':

        tcpdump -nni eth0 host 192.168.100.35 - this will watch all traffic (packet information, but no content) on eth0 with a source/destination of 192.168.100.35, assuming that is the computer doing the "scanning".

        ngrep -d eth0 '' host 192.168.100.35 - this will watch all traffic on eth0 with the source/dest of that scanner, but will also show the content of each packet. Note that this will display a LOT of information, especially if you have a noisy scan or high bandwidth traffic.

        On the scanner machine, you can try some the following nmap scans:

        nmap -sP 192.168.100.0/24 - this will do a ping scan on that network, and will show which IPs in that range are responding to pings. It's one way to discover some hosts on your network

        nmap -sX 192.168.100.20 - this will do a christmas tree scan on the target, which is a fairly noisy scan that will generate a lot of traffic.

        nmap -O 192.168.100.20 - this will attempt OS detection on the target, and should show any open ports.
  • ninjasenses, on 07/03/2008, -1/+37Backtrack 3 is all you need.
    • dfndoe, on 07/03/2008, -0/+4Backtrack is dang kludgy. If you do any of this intrusion/pen "testing" with any frequency you should just run a real linux distro with the tools from BT that you find useful. Then you have a usable distro with frequent updates AND you don't have problems with thing like BT's choice of module versions and whatnot.
      • jgtg32a, on 07/03/2008, -0/+4You can install it to a flash drive so it can be kept up to date.
    • billbugger, on 07/03/2008, -0/+4http://www.remote-exploit.org/backtrack.html
  • whiteghetto, on 07/03/2008, -1/+13word... backtrack 3 FTMFW :)
  • astrocreep2k, on 07/03/2008, -2/+21I tried using some of these on the Gibson. The sys admin caught on and sent Teller over to my house to kick my ***
  • Hydraulix, on 07/03/2008, -2/+5Probably the saddest list I've seen so far. No mention of hydra, ettercap, airsnort, and many more awesome tools that should be on that list.
  • naiku, on 07/03/2008, -0/+4nc is amazing if you know how to use it.
  • AbstortedMinds, on 07/03/2008, -0/+9n00b article
  • Suzilla, on 07/03/2008, -0/+7BackTrack3, hands-down.
  • moonboots, on 07/03/2008, -1/+30if you listen closely, you can hear another wave of scriptkiddies crashing into the shore
    • mattguitar, on 07/03/2008, -0/+3OMG this l1st will show you how to h4x0r!!!! w00t l337!
  • centran, on 07/03/2008, -1/+7I really should try and get Snort working... but I got lazy.
    Most of the attacks on my servers are people trying to brute force ssh. They will go at it for hours and hours!
    I just use denyhosts http://denyhosts.sourceforge.net
    It scans the log for a certain number of login attempts from the same IP then adds that IP to your /etc/hosts.deny
    Make sure to add your common login IP(including local) to hosts.allow or you could lock yourself out.
  • Rizmaster, on 07/03/2008, -3/+4Wireshark ftw.

    Sit inside the nearest coffee shop and watch the packets fly until some idiot is dumb enough to buy something on an unprotected network.

    Then order some ***** up sex toys to their address and see if their loved ones are around when they arrive. Fun times are had by all.
    • nytejade, on 07/03/2008, -0/+5You missed the only somewhat difficult step of the process, which is actually decrypting the data you've intercepted.

      Something tells me you've never done this before.
      • saranagati, on 07/03/2008, -0/+4i think by unprotected network he meant an unsecure website as in, not encrypted.
      • Rizmaster, on 07/03/2008, -0/+2Actually no, it's not too terribly difficult to decrypt said packets after they're pulled down by Wireshark. If you know what kind of traffic you're looking for, it's incredibly doable when sniffed at the source.
      • nytejade, on 07/03/2008, -0/+1@saranagati: No, what he meant by unprotected was "open" as in "can join without password."

        @Rizmaster: No, it's not too terribly difficult, that's why I said somewhat difficult.
      • fluxion, on 09/22/2008, -0/+1SSL traffic isnt difficult to decrypt? i assumed it was as difficult to decrypt as ssh traffic and whatnot
  • bigteebo, on 07/03/2008, -3/+2Is there an Linux port of Netstumbler, or something close to it that's GUI based? I have yet to find one. Would be nice to install on my EEE and do some wardriving again. So far the only good utility for wireless fun is WireShark. The worst one was some wireless cracking program, where the author bluntly says it won't work without a specific DLL, and he won't provide it to you(nor tell you what it is). Makes me wonder why he even posted his "project" on sourceforge.
    • admdrew, on 07/03/2008, -0/+2Have you tried it in Wine? The Wine AppDB seems inconclusive about whether or not it works correctly.
    • fload, on 07/03/2008, -0/+2kismet?
    • fluxion, on 09/22/2008, -0/+1kismet indeed
  • Calibur, on 07/03/2008, -2/+2should have added wepattack with kismet .... crack a wep with one crypt packet and a massive dict. Allows for a fast wardrive session and a comfy home cracking.
  • webmastir, on 07/03/2008, -0/+8great. now a bunch of ***** are going to start spoutin' off BS acting like they know what they are talking about.. typical of these types of stories.
  • admdrew, on 07/03/2008, -0/+2Surprised ngrep isn't on there too.
  • Rijnzael, on 07/03/2008, -0/+2anyone with kismet should also check out wigle.net and gpsmap, which is installed when you install kismet. check out what gpsmap can do: http://athan.asia/wardriving/may31-08/
  • dfndoe, on 07/03/2008, -1/+2Pretty alright list. Although, I don't think that anyone who doesn't already know about this sort of thing would be given much of a headstart from having this list since most of these tools don't really do anything without some specific knowledge about what to do with the results gleaned from them or knowledge about how to actually get useful results in the first place.
  • irishhairball, on 07/03/2008, -0/+2sectools.org anyone?
    • twystoffate, on 07/03/2008, -1/+0sectools.org is old. the best tools can be found on sourceforge.net if you know what you're looking for. (Looking for "hacking tool" is not the best way to go)
  • plhofmei, on 07/03/2008, -0/+3I read this article hoping to hear of some new l33t tools I knew nothing about. Alas, these have been around for years. In a way, it's good to know that the oldies are still the goodies.
  • kungfoolou, on 07/03/2008, -0/+4Hacking and Security Tools? How about troubleshooting tools? These are all great tools. I've used them all. But never for the purpose of hacking, sometimes for security tho.
  • cgibreak, on 07/03/2008, -0/+1Meh, they missed scapy: http://www.secdev.org/projects/scapy/
  • galvo, on 07/03/2008, -0/+2Back track live CD.

    Not only are these tools great, but they'll land you in a load of trouble when dealing with airport security!
  • QuimbyDogg, on 07/03/2008, -1/+6I am a year in working on my masters in computer, information, and network security and have already worked with--or seen in demonstration--a large number of tools on the list. There are some extremely powerful tools listed but to people without knowledge they will seem pointless. Attacks are able to be done without using metasploit to hold your hand... And from a pure security standpoint some of these tools really are amazing.

    I really liked the post above about oldies being still the goodies. The best tools are always going to be the extremely basic yet fully customizable ones which are basically limited by YOUR input and knowledge alone.
  • dukeochutney, on 07/03/2008, -0/+1nessus changed their updates system. no link i do remember getting a message recently about it.
    • dukeochutney, on 07/03/2008, -0/+1First, we will continue to enable all users to download Nessus for free.

      Second, due to computers and personal networks having become ubiquitous in homes around the
      world, Tenable will launch a “HomeFeed” with all Nessus vulnerability plugin updates for home users
      at no charge and with no delay. We are excited to offer the latest vulnerability checks for
      personal, non-commercial use and strongly encourage home users to audit their computers and
      networks for the newest security flaws.

      Finally, Tenable’s “Direct Feed” will be re-named to the “ProfessionalFeed” and the “Registered Feed”
      will be discontinued. The ProfessionalFeed will entitle subscribers to the latest vulnerability and
      patch audits, configuration and content audits and commercial support for their Nessus 3
      installation. The ProfessionalFeed will serve as Tenable’s commercial subscription and will be
      required for individuals and organizations that want to use Tenable’s Nessus plugins commercially
  • 5plic3r, on 07/04/2008, -0/+2gcc?
  • emillman, on 07/04/2008, -0/+0No Metasploit? that things is a hacking paradise. Looks to me like one of those grocery store checkout isle magazine top 10's.
  • billymeter, on 07/04/2008, -0/+0I think it's funny how the article praises Linux and the very first screenshot is the Windows version of John.
  • kornelius, on 07/04/2008, -0/+0chkrootkit is nice, but i like rkhunter even better. Check it out: http://rkhunter.sourceforge.net/
  •  

    Login or register to add a comment

    Create a new account or login to join in the conversation on Digg. You'll also be able to Digg stories to help promote things you like.


© Digg Inc. 2008 — Content posted by Digg users is dedicated to the public domain.
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.