This is a list of some of the most common hacking tools and security utilities, with direct download links for the most relevant ones (such as Ethereal).
Download Hacking Tools Below
1. Nmap
I think everyone has heard of this one, recently evolved into the 4.x series.
Nmap (“Network Mapper”) is a free open source utility for network exploration or security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. Nmap runs on most types of computers and both console and graphical versions are available. Nmap is free and open source.
Can be used by beginners (-sT) and pros (--packet_trace) alike. A very versatile tool, once you fully understand the results.
2. Nessus Remote Security Scanner
Recently went closed source, but is still essentially free. Works with a client-server framework.
Nessus is the world’s most popular vulnerability scanner used in over 75,000 organizations world-wide. Many of the world’s largest organizations are realizing significant cost savings by using Nessus to audit business-critical enterprise devices and applications.
Also see: OpenVAS – Open Vulnerability Assessment System (Nessus is Back!).
3. John the Ripper
John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), DOS, Win32, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix flavors, supported out of the box are Kerberos AFS and Windows NT/2000/XP/2003 LM hashes, plus several more with contributed patches.
Also see – JTR (Password Cracking) – John the Ripper 1.7 Released – FINALLY.
4. Nikto
Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3200 potentially dangerous files/CGIs, versions on over 625 servers, and version specific problems on over 230 servers. Scan items and plugins are frequently updated and can be automatically updated (if desired).
Nikto is a good CGI scanner. There are some other tools that go well with Nikto (focusing on HTTP fingerprinting, Google hacking/info gathering etc.), but those deserve an article of their own.
Also see – Nikto 2.1.0 Released – Web Server Security Scanning Tool.
5. SuperScan
Powerful TCP port scanner, pinger, resolver. SuperScan 4 is an update of the highly popular Windows port scanning tool, SuperScan.
If you need an alternative for nmap on Windows with a decent interface, I suggest you check this out, it’s pretty nice.
Also see – Superscan v4.0 – Fast TCP & UDP Port Scanner for Windows.
6. p0f
P0f v2 is a versatile passive OS fingerprinting tool. P0f can identify the operating system on:
– machines that connect to your box (SYN mode),
– machines you connect to (SYN+ACK mode),
– machines you cannot connect to (RST+ mode),
– machines whose communications you can observe.
Basically it can fingerprint anything, just by listening, it doesn’t make ANY active connections to the target machine.
Also see – p0f – Advanced Passive OS Fingerprinting Tool.
7. Wireshark (Formerly Ethereal)
Wireshark is a GTK+-based network protocol analyzer, or sniffer, that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and to give Wireshark features that are missing from closed-source sniffers.
Works great on both Linux and Windows (with a GUI), easy to use and can reconstruct TCP/IP Streams! Will do a tutorial on Wireshark later.
Also see – Wireshark 1.2.1 Released – Network Protocol Analyzer.
8. Yersinia
Yersinia is a network tool designed to take advantage of some weaknesses in different Layer 2 protocols. It aims to be a solid framework for analyzing and testing the deployed networks and systems. Currently, the following network protocols are implemented: Spanning Tree Protocol (STP), Cisco Discovery Protocol (CDP), Dynamic Trunking Protocol (DTP), Dynamic Host Configuration Protocol (DHCP), Hot Standby Router Protocol (HSRP), IEEE 802.1q, Inter-Switch Link Protocol (ISL), VLAN Trunking Protocol (VTP).
The best Layer 2 kit there is.
Also see – Yersinia 0.7 Released with 802.1x Support – Layer 2 Attack Framework.
9. Eraser
Eraser is an advanced security tool (for Windows), which allows you to completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns. Works with Windows 95, 98, ME, NT, 2000, XP and DOS. Eraser is Free software and its source code is released under GNU General Public License.
An excellent tool for keeping your data really safe: if you’ve deleted it, make sure it’s really gone. You don’t want it hanging around to bite you in the ass.
10. PuTTY
PuTTY is a free implementation of Telnet and SSH for Win32 and Unix platforms, along with an xterm terminal emulator. A must have for any h4x0r wanting to telnet or SSH from Windows without having to use the crappy default MS command line clients.
11. LCP
Main purpose of LCP program is user account passwords auditing and recovery in Windows NT/2000/XP/2003. Accounts information import, Passwords recovery, Brute force session distribution, Hashes computing.
A good free alternative to L0phtcrack.
LCP was briefly mentioned in our well read Rainbow Tables and RainbowCrack article.
Also see – LCP – A Good FREE Alternative to L0phtcrack (LC5).
12. Cain and Abel
My personal favourite for password cracking of any kind.
Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols. The program does not exploit any software vulnerabilities or bugs that could not be fixed with little effort.
Also see – Cain & Abel – Download the Super Fast and Flexible Password Cracker with Network Sniffing.
13. Kismet
Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. Kismet will work with any wireless card which supports raw monitoring (rfmon) mode, and can sniff 802.11b, 802.11a, and 802.11g traffic.
A good wireless tool as long as your card supports rfmon (look for an Orinoco Gold).
Also see – Kismet – Wireless Network Hacking, Sniffing & Monitoring.
14. NetStumbler
Yes, a decent wireless tool for Windows! Sadly not as powerful as its Linux counterparts, but it’s easy to use and has a nice interface, good for the basics of war-driving.
NetStumbler is a tool for Windows that allows you to detect Wireless Local Area Networks (WLANs) using 802.11b, 802.11a and 802.11g. It has many uses:
- Verify that your network is set up the way you intended.
- Find locations with poor coverage in your WLAN.
- Detect other networks that may be causing interference on your network.
- Detect unauthorized “rogue” access points in your workplace.
- Help aim directional antennas for long-haul WLAN links.
- Use it recreationally for WarDriving.
Also see – NetStumbler – Windows Freeware to Detects Insecure Wireless Networks.
15. hping
To finish off your download hacking tools mission, something a little more advanced if you want to test your TCP/IP packet monkey skills.
hping is a command-line oriented TCP/IP packet assembler/analyzer. The interface is inspired by the ping unix command, but hping isn’t only able to send ICMP echo requests. It supports TCP, UDP, ICMP and RAW-IP protocols, has a traceroute mode, the ability to send files between a covered channel, and many other features.
Also see – hping3 – TCP/IP Packet Assembler & Analyser.
You can also check out the Top 10 Security Live CDs for Pen-Testing, Forensics and Recovery Here.
Ivan Minic says
Serious stuff mate…
toufeeq says
Add Metasploit to the list.
website: http://metasploit.org
Pedro Venda says
Nice set of tools.
I’d add the paros proxy since it’s an absolutely critical, irreplaceable, must-have tool when doing web pen testing. It’s multiplatform (java) and distributed under the GPL.
Cheers,
Darknet says
toufeeq: Problem with metasploit is that it does everything all in one shot, not so great for learning, I recommend it once you already know how to do what it does manually, not before then!
Pedro: Yah it’s an excellent tool, the latest version was recently released, I do personally prefer Burp Suite, I will be featuring both in a future article about Applications for Web Testing.
Martin says
Great list of tools, I enjoyed reading your recommendations and suppose my visitors will also like them. Keep up the good work.
Lord Arcane says
Nice i personally like them all but you can’t forget about the oldie but goodie BO2K
Darknet says
Martin: Thanks, I hope they do :)
Lord Arcane: Yah it’s not bad, there are much better RAT software out there now like Optix and Beast though.
Keith says
I have personally used nmap before. However, I would prefer to use the following command:
nmap -v -sS -A xxx.xxx.xxx.xxx
to provide a verbose of the result as well as stealth scanning together with the result of the operating system underlying the network.
Ethereal is only a tool to detect the presence of local LAN machine, and packet between your PC and that PC. Nothing much really.
I like Putty, as it is a portable application. You can run it wherever you go, as long as you store it on your USB thumb drive or even a floppy drive (aging device).
From all these, Linux will provide the most hacking tools if you want to know, compared to Windows.
This is just a simple first step to learn to hack, not really hack to learn. Actually, it’s not even hacking!!
eedahs says
You forgot netcat, netwag and metasploit
Jeff Schroeder says
You included some excellent tools, but you forgot the 2nd most important one. dsniff or hunt for doing man in the middle attacks. I would rate both of those tools right below nmap and way above hping. If you update this, you might check out those tools.
Great post btw.
mcsr says
does any body cracked password and login of this site
reN_hat says
hi… im just a newbie… and i wanna know which software to use… to crack yahoo e-mail passwords…. tnx…. i need my friendster pass too….. pls. anyone? tnx would the cain and abel work for that one?
Luther Blissett says
Just a couple of things.
“Nmap uses raw IP packets in novel ways to determine what hosts are available on the network”. That’s not necessarily true. Many times nmap uses ethernet frames to tell if a host is up or down. This is much more effective than sending IP packets and it also prevents Intrusion Detection Systems from being suspicious about your intentions.
When you talk about Yersinia: “[…]weakeness in different Layer 2 protocols[…].” and you include DHCP in it. DHCP is encapsulated in UDP packets (layer 4) which are also encapsulated in IP datagrams (layer 3). So UDP is not a layer 2 protocol at all. I’d say it’s an application layer protocol.
Please, let me know if I’m wrong. I just wanted to correct 2 little mistakes. Anyway, good post. It’s nice that someone writes about this kind of stuff.
Darknet says
Luther Blissett: Thanks for your input! Those phrases you quote were abstracted from the actual authors of the tools, so I’m sure they know what their tools do! As for using Ethernet frames it’s quite rare for nmap, if you use the --packet_trace option in nmap you can see the communications sent and received during a typical scan. AFAIK nmap has only supported ethernet frames since version 4 mainly to get around the limitations imposed on Windows XP in SP2, so nmap can now send at a lower level in the stack, thus bypassing these restrictions (--send-eth switch), raw socket generation is still the best option for *nix based systems. As for Yersinia, that’s debatable, but it’s considered DHCP is application layer, but DHCP delivery must be via layer 2.
sunny says
where can i get zipped hacking softwares & tools
Vipin Kumar says
Hai,
This article is mind blowing and excellent on hacking for newbies and for beginners who are new in the field of Hacking.
thanks a lot for this valuable tools download links
Beast aryan says
i want to hack a runescape account
Marc says
Great list! Thanks alot!
Ibrahim says
this is a very useful website. thanks
Anita says
Question. When you’re chatting in a chat room such as yahoo, and people come in under different names there used to be a program that enabled you to type in that person’s name while they were IN THE SAME ROOM you were in, to find out what their ISP number is, and what state they are in, what is this sort of program called, and is it available still. Don’t want nothing harmful just would like to know who’s impish. Please let me know
and thank you in advance for your time
Anita
Gouki says
If you are able to see that persons IP address (I never used any of those chat rooms), you can use dnsstuff.com to find more information about that IP.
anita says
Hey Gouki,
Thank you for helping me out. That was very nice of you.
Regards
Anita
Gouki says
No problem Anita.
Sami says
i want u to help me retrieve my email ([email protected])
nishi says
hi!
i m nishi. i want to learn heck. so how can i started
pöö says
ï dont understand any fuckin word!
ronke says
i wont to hack to learn……………. and i see this site as a very nice site that can provide me with all i wont about hacking and programming. kindly send me details on how ot get thingd down . thank you……………hope to hear from you soonest.
ronke.
Jay Sam says
Very good info. for beginners… But they are not “Top 15″…
Thanks.
Jay
Blight says
nice list of hacking tools.. But somewhat hard to learn for beginners like me.. But I’ll try to work on your tools..
Nurreg says
LCP is trojan-tastic!
seller says
hello i wanna get host scanner and mailer scammer cos am a spammer here this is my 1st time coming to this site pls
help me. i i need new mailer injections and ftp host injections and explct pls help me mail me back any one that can help me
i like this site cos and i wanna leacn how to hack well .thanks
thanks
i love this site
best regard
seller
stuartb4u says
Hello Masters,
can any one tellme how to get yahoo passwords throug editing messenger regisrty. and we get id password as offline message
please let me know if any one really know it
vinesh says
theres must be some software like free phone calls all games download virus creation mobile phone software download a bit of all small things but which r very useful to play with u see hacking is not just breaking law but to play with it whithout being behind bars?
sadiq says
thanking u for for site but ,am a begginer i would like to be tutored please.
anthony_dordines says
I want to learn how to hack, an advanced tutorials surfing and hacking on the internet can you please send me a advanced installer for hacking on my email….Thanks a lot that top 15 hacking utilities is nice
Anthony_ says
what about hacking windows vista?
leoz says
i was wondering if any of you kind people would teach me how to steal internet off my next door neighbour
his wireless connection is encrypted i need to bypass that some how or break it
i got a net work stumbler … im confused and do not know what to do
please help me
feel free to email me comments @
[email protected]
thx alot
leoz says
i still dont understand i downloaded yersina but it is just a bunch of files what do i do can u guide me step by step please im a complete idiot at this
Gouki says
If you’re a “complete idiot”, I don’t recommend using Yersinia. It’s a complex tool which involves knowledge of several things, low level protocols included.
Just to clear it up to you, you downloaded the source. In order to use the application you will have to compile it. Try searching for a binary package for your GNU/Linux distribution (you are using Linux, right!?).
I’m currently working on a Debian package, but that will still take a while.
leoz says
i aint using linux im using windows xp
please help i can hear my neighbours encrypted wireless internet service crying for my use
i dont no jack about hacking, all i know about is ip adresses
i have ablel and cain i also have a net stumbler
evans says
pls i need different types of softwares for hacking and resolving problems on computer/network.also need an extensive coaching on how to be an hacker.i will be glad if this can be granted assp.i will be looking forward to your reply.
Thanks in advance.
Regards
Gerald Combs says
Ethereal’s name changed a few months ago. Due to trademark issues, we switched to Wireshark last May.
Darknet says
Thanks Gerald, I’ve updated the post to reflect that.
allyshen says
nice work..
dan says
hi im looking to see if i can find program which will help me obtain peoples passwords on http://www.runescape.com is it possible with all the security the site has and if so can someone help me? Thanks
Derek says
Hi,
im after a keylogger which can be remotely installed, attched to a program or pic… and is undetectable by avast,avg, whatever… Please help ahave looked everwhere and this is my last resort…
afandina says
hi
this agood site i think, and please i wanna know everything in the computers connecting with me in my networking
wanna know which they explore….wanna know every thing when someone from them put his ass in his disk until he raise it…..my email is…[email protected]……and thanks alot for allllll………
qwe says
alert (“hi to all”)
Adi says
Awesome stuff
jean says
This is an awesome article! nice
s1n says
no one said ettercap!? Craziness…
backbone says
s1n ettercap was already mentioned := wireshark
Rob says
I would like to get superscan but all of the downloads i have tried dont work also whenever i try to use nmap the screen just flashes all f the command in command and then quits. Suggestions?
backbone says
nmap is a command line utility, run cmd.exe and after that start nmap…. about superscan try harder (way to simple) with google.
Darknet says
I have Superscan, I’ll try and hook it up later.
Rob says
i looked for superscan for about 45 minutes and found nothing except dead links if you say its so easy find and give me the link and thanks for the nmap thing it worked.
I was also wondering when i try to download .zip file why my browser displays a little X and does not let me download it also what should i use to open files that aren’t .exe those do not work either
Suggestions?
backbone says
1. click here
2. i used google “superscan download” and the 5th link is above
3. install firefox
4. if firefox, reinstall because you possibly mis configured it
backbone says
previously i said at the second point that I searched on google “superscan download”, in fact i searched “download superscan”.
if I would have searched for the first time “superscan download”, I would have found the link I gave you in the first position, not 5th
TheRealDonQuixote says
Hey you left out tools to find software based exploits, including cracking and debugging.
I have one to add, the old OllyDBG has been replaced by Immunity Debugger. It’s a free piece of software created by Immunity, a pentesting company and it’s purportedly From my latest tests it’s a great free alternative to IDA Pro.
BTW- I wish I had a job with Immunity, but I don’t, so I’m not selling snake oil here.
Darknet says
TRDQ: This is an old post dude, although it’s still incredibly popular – I have been planning to do an update for 2007 – I have the Immunity Debugger post in draft already – cool tool :)
TheRealDonQuixote says
SWEET!! Something I mentioned is gonna be in an article. Unless … you found it before I mentioned it didn’t you :(
Darknet says
Of course we found it before you mentioned it :)
TheRealDonQuixote says
Darn! Hey, you said “WE found it” are there more than one of you?
Darknet says
TRDQ: I cloned myself to more efficiently scour the web for cool stuff to post here :D
TheRealDonQuixote says
Darn, I told my Mom I needed a clone, but she was all “Blah Blah affront to nature Etc.”. I am so not going to help her when she loses her shoes next time.
ashish says
nice collection of tools.but what about a starter.
can any one teach me how to hack??????
cueva.quebrada says
I’ve been reading all of these posts and many of them deal with wanting to learn how to hack. If you have searched google with “How to hack,” I’m sure you have stumbled upon many short and confusing answers.
Just some advice for those that this applies to. Look at many definitions of what hacking is (hint). When you understand what those definitions are all about, start learning more about how computers work; start with the very basics of controlling computers (programming).
You are not going to find a simple answer and instruction booklet giving you lessons to become a 1337 hax0r. You have to have the motivation and build the skills to teach yourself. Hacking is not just something you learn to do overnight. It involves years of hard work and dedication.
I first searched google with “How to hack” about 10 years ago. It brought me to page after page of things I didn’t understand. Now after going for a degree in computer science and mathematics, as well as spending years researching as much as I can about how electronics work, I understand a lot more, but still there is so much for me to learn.
If you don’t know binary, html (or any language for that matter), how the internet works, or what hacking really means, don’t fret. Just put in the time to understand these things. You won’t see the beauty of hacking until you understand the world of language of computers.
ascetik says
You should look at w3af the web auditing and attack framework. I have a tutorial on its uses to audit web applications at http://pentesterconfessions.blogspot.com/2007/10/how-to-use-w3af-to-audit-web.html
Check it out…
Sandeep Nain says
Yes ascetik, you are right.. w3af is worth checking out… and darknet posted this article on it:
https://www.darknet.org.uk/2007/08/w3af-web-application-attack-and-audit-framework/
Darknet is always a step ahead :)
zupakomputer says
Anyone else found the Win version of p0f doesn’t run (asked for missing dll’s which I provided, then found another executable problem which I can’t remember the exact details of now) – or is it just because I tried using it on XP sp1?
eM3rC says
I would try updating to SP2 and applying all the new window updates as well as updating drivers for stuff like .Net (I know there’s no correlation but never hurts), etc.
If I have some free time I’ll look into it. What DLL is failing to load if you don’t mind me asking?
zupakomputer says
It’s not my OS / machine so I wouldn’t update it; was just wondering if anyone else had found the win binary didn’t run.
I suppose a better way of phrasing that would’ve been: anyone try it on XP SP2 and found it worked ok.
One of them was packet.dll, I forget what the other one was. The executable problems exact details similarly escape me.
Pantagruel says
p0f requires winpcap get that one here:
http://www.mirrorservice.org/sites/ftp.wiretapped.net/pub/security/packet-capture/winpcap/
Ran perfect after extracting the zip file (Win XP SP2)
BoYRuLeZ says
huh.. still fighting with OS XP ..?? get over it.. switch to Vista now it also works fine after 1st SP released..
zupakomputer says
Thanks Pantagruel, I hadn’t noticed you posted that until now – it’s hard keeping track of what’s been commented on here.
BoYRuLeZ – it’d seem not everyone shares that view of Vista’s recent service pack update; at any rate I don’t know if p0f has a Vista version anyway.
Must be a lonely place that one – the ‘don’t use XP Pro SP2, use Vista instead’ area. My tastes don’t run into the only apps that would really benefit (moreso in the future since there’s still some Nvidia issues) from a Vista upgrade over XP – namely DivX10 games. Certainly, going the Vista route isn’t worth it unless you go 64 bit. And I think you have to make sure you get an OEM (the more expensive version?) cause otherwise it locks to whatever motherboard it’s installed on! Secure yes, but an issue if you want to upgrade or if anything goes wrong with the board.
‘Nother thing some folks were complaining about was the user-unauthorised updates, some of which turn off vital firewall settings, and apparently report back on user activity to the vendor. Yikes.
That said, it’ll be nice to see what the game coders are going to do with all the extra multicore and more RAM, and the 64 bit, capabilities Vista has. The hardware is available but the software isn’t really making use of it as yet. Scalable parallel coding is a good place to start.
Pantagruel says
with zupakomputer
There is little use in Vista except the much heralded but badly supported DX10. 64bit is an option but driver support (as with 64 bit XP) is lacking. Honestly I see little need for a perfectly working XP-SP2 setup to be ‘upgraded’ to Vista-SP1 for merely some eye candy and the performance loss suffered. The one reason might be 4+ GB of RAM support, but for now 2GB works well enough.
zupakomputer says
DX10 – that’s what I meant. Not sure where that ‘v’ came from..
James C says
I see no use for vista. Personally I consider it the new windows millennium edition, the filling between XP and Windows 7 (aka Blackcomb, Vienna or whatever they’re calling it now). Just like millennium edition was the filling between win98SE and XP.
Pantagruel says
@ James C
True Vista feels more like plastic surgery than a real improvement.
The addition of user account control sounds great but in the real world it’s turned off quick enough since nearly everyone expects to be the local superuser by default (partially a problem due to badly written 3rd party software not being able to function properly under UAC).
Hopefully the new Windows version will finally sport all the things Vista was supposed to have but ended up doing without (file system for instance)
me says
hi im brand new to hacking, i should probably learn c++ and stuff before i get going on hard stuff but for now im trying to use LCP a lot of the spaces i have to enter info in are complete 0110111011 to me and cant really guess it in cause of my noobness, any tutorials?
ZaD MoFo says
Ok, I know… I am a bit
James C says
@ZaD MoFo
This list is of the “Top 15 Security/Hacking Tools & Utilities”. XP SP2 is an OS not a tool or utility for hacking (albeit the best Microsoft OS at the minute). XP SP2 provides only the environment in which a hacking/Security tool can run, as can any other OS.
So to answer your question “Do you think XP should have his entry in this
Pantagruel says
@James C
I think Zad MoFo is making fun of the recent ‘me’s too dumb ass to read howto’s and wants quick cracking skillz for yahoo/gmail/facebook/etc.’ postings. I must admit they are getting a tad annoying, those ‘I want to crack but without any effort spent’ calls for help.
fever says
all good tools to have in your collection.
billy says
Excellent list of tools, NMAP definitely deserves to be number 1.
dery pratama says
thanks for information , i just search from Google about hacking software and i found top-15-security hacking tools utilities from impcompfacts.blogspot.com. so , i want to share information and sorry if i mistake about article source.
“I Hacker but not Cracker”
;-)
Morgan Storey says
This is really a great list of tools to fill the gaps, even I haven’t played with a fair few in this list, glad I found it while trawling through the old posts. One of my favourites that was recently ported to Linux is AngryIP scanner, it can scan a whole /24 in about a minute through its multi-threaded approach.
Ridwan says
Nice information, thanks dude!!