TAG Lit - Ethical Hacking (Tools & Principals)

Hello, this document is a general introduction to Ethical Hacking and the many tools and tricks involved.

An ethical hacker is a computer and networking expert who systematically attempts to penetrate a computer system or network on behalf of its owners for the purpose of finding security vulnerabilities that a malicious hacker could potentially exploit. Ethical hackers use the same methods and techniques to test and bypass a system's defenses as their less-principled counterparts, but rather than taking advantage of any vulnerabilities found, they document them and provide actionable advice on how to fix them so the organization can improve its overall security.

Kali Linux is a Debian-derived Linux distribution designed for digital forensics and penetration testing. It is maintained and funded by Offensive Security Ltd.

Want to crack WEP or WPA router passwords? That’s what AirCrack does, but who wants to wrestle with its command line interface? Fern WiFi Cracker provides a GUI interface that front-ends AirCrack to make your life that bit easier.

John the Ripper is a command line-based password cracker that’s noted for its speed. Its primary purpose is to detect weak Unix passwords. It’s featured on Kali Linux and is also available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. But being a command line tool with lots of switches, John the Ripper is more easily used when front-ended by Johnny, a GUI for John the Ripper that makes your password cracking much easier.

Maltego is an amazing relationship analysis tool that can track who or what is connected to what or who. The software can explore links between people, social networks, organizations, web sites, Internet infrastructure, phrases and has tags on Twitter, affiliations and files and produces graphical network diagrams.

The Metasploit Framework allows you to safely simulate attacks on your network to uncover security issues, verify defenses, test security controls, track mitigation efforts, manage phishing exposure, and audit web applications. It can run in either command line or GUI mode can be used with Nexpose to assess and validate vulnerabilities in your environment. Because Metasploit Framework is a pretty complex tool there’s also Armitage, a utility that helps visualize targets, recommends exploits, and exposes the advanced post-exploitation features in the framework.