Ethical hackers are also called “security professionals”: they use their hacking skills and tools to protect their systems.
According to the EC-Council, an ethical hacker is defined as “an individual who is usually employed with the organization and who can be trusted to undertake an attempt to penetrate networks and/or computer systems using the same methods and techniques as a Hacker.”
Hackers can be divided into different categories:
Based on the intent behind hacking a system:
- White hat
- Black hat
- Grey hat
Based on what they hack and how they do it:
- Red Hat Hackers
- Blue Hat Hackers
- Elite Hackers
- Script Kiddie
Tools used by ethical hackers to protect systems:
- NMAP stands for Network Mapper.
- It is a free and open source utility for network discovery and security auditing.
- It is useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.
- NMAP runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X.
- Metasploit is one of the most powerful exploit tools.
- It is widely used for penetration testing.
- It helps to verify vulnerabilities and manage security assessments.
- It can be used from the command prompt or through a Web UI.
- Burp Suite is a web application security testing platform which has various tools such as a proxy server, a web spider, scanner, intruder, repeater, sequencer, decoder, collaborator and extender.
- Angry IP Scanner is a very fast IP address and port scanner that requires no installation and can be freely copied and used anywhere.
- It can scan IP addresses in any range as well as any of their ports. It is cross-platform and lightweight.
- Angry IP Scanner simply pings each IP address to check if it’s alive, then optionally resolves its hostname, determines the MAC address, scans ports, etc. The amount of gathered data about each host can be extended with plugins.
- It also has additional features, like NetBIOS information (computer name, workgroup name, and currently logged in Windows user), favorite IP address ranges, web server detection, customizable openers, etc.
Cain & Abel:
- Cain & Abel is a sniffing and password recovery tool for Microsoft Operating Systems.
- It allows easy recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force, and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocols.
- Ettercap stands for Ethernet Capture.
- Ettercap is a comprehensive suite for man-in-the-middle attacks.
- It features sniffing of live connections, content filtering on the fly and many other interesting tricks.
- It supports active and passive dissection of many protocols and includes many features for network and host analysis.
- Superscan is a free Windows-only closed-source TCP/UDP port scanner by Foundstone (now part of McAfee).
- It includes a variety of additional networking tools such as ping, traceroute, HTTP HEAD, and whois.
The Qualys Cloud is a web-based tool that provides an integrated solution for:
- Asset Discovery
- Network Security
- Web Application Security
- Threat Protection
- Compliance Monitoring.
- WebInspect is a web application security assessment tool that helps identify known and unknown vulnerabilities within the Web application layer.
- It can also help check that a Web server is configured properly, and attempts common web attacks such as parameter injection, cross-site scripting, directory traversal, and more.
- LC4, the L0phtCrack application, is used for password auditing and recovery.
- LC4 helps administrators secure Windows-authenticated networks through comprehensive auditing of Windows NT and Windows 2000 user account passwords.
LANguard Network Security Scanner:
- Are you a security administrator finding it difficult to secure your network effectively?
- This is the most wanted tool for security administrators; it can scan and detect registry issues in all connected devices.
- Network Stumbler is a Windows monitoring tool that every ethical hacker must know. It is used to check network configuration, signal strength, and coverage, and to detect interference between one or more wireless networks.
- Tone LOC stands for Tone Locator. It is used by a security officer to scan a list of telephone numbers, usually dialing every number in a local area code.
- It detects unauthorized devices on a company’s telephone network.