Hack Tutorial #1: Free Hacking Tools for Ethical Hackers

The ” Hack Tutorial ” series will contain multiple free courses, materials, and more in order to develop your hacking skills.

We all know that beginnings are difficult, but remember that everything becomes easier when we work together.

Intrusion tests, known as “Penetration Testing” or “Ethical Hacking“, are in these days a common practice to know the level of a company (website, servers, etc…) has.

These tests assess the type and extent of system and network vulnerabilities in terms of confidentiality and integrity.

Ethical hackers may use various tools and techniques. Each of these techniques has its own steps, methodology, and software used.

Even Google is used by hackers and attackers to perform something called ‘Google hacking’: by using basic search techniques with advanced operators, it can become a powerful tool to search for vulnerabilities.

Using advanced operators shown in the image, in combination with some specific terms, Google can be used to discover a lot of sensitive information that should not be revealed.

In order to help those pursuing an IT career path, we are offering a list of tools that can be used to improve your hacking skills. (Disclaimer: Don’t use these tools in bad intentions or without the owner approval)

Without any more words here are the tools:

Burp or Burp Suite is a set of tools used for penetration testing of web applications. It is developed by the company named Portswigger, which is also the alias of its founder Dafydd Stuttard. BurpSuite aims to be an all-in-one set of tools and its capabilities can be enhanced by installing add-ons that are called BApps.
It is the most popular tool among professional web app security researchers and bug bounty hunters. 


ActiveScan++: ActiveScan++ extends Burp Suite’s active and passive scanning capabilities. Designed to add minimal network overhead, it identifies application behavior that may be of interest to advanced testers.

BurpSentinel: With BurpSentinel it is possible for the penetration tester to quickly and easily send a lot of malicious requests to parameters of an HTTP request. Not only that, but it also shows a lot of information of the HTTP responses, corresponding to the attack requests. It’s easy to find the low-hanging fruit and hidden vulnerabilities like this, and it also allows the tester to focus on the more important stuff!

Autorepeater Burp: Automated HTTP request repeating with Burp Suite. 

And more…

A full tutorial can be found here.

Nmap is a network mapper that has emerged as one of the most popular, free network discovery tools on the market. Nmap is now one of the core tools used by network administrators to map their networks. The program can be used to find live hosts on a network, perform port scanning, ping sweeps, OS detection, and version detection.

Hack Tutorial - More Free Hacking Tools!

Wireshark is the world’s foremost and widely-used network protocol analyzer. It lets you see what’s happening on your network at a microscopic level and is the de facto (and often de jure) standard across many commercial and non-profit enterprises, government agencies, and educational institutions. Wireshark development thrives thanks to the volunteer contributions of networking experts around the globe and is the continuation of a project started by Gerald Combs in 1998.

w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to help you secure your web applications by finding and exploiting all web application vulnerabilities.

hping is a command-line oriented TCP/IP packet assembler/analyzer. The interface is inspired to the ping(8) unix command, but hping isn’t only able to send ICMP echo requests. It supports TCP, UDP, ICMP and RAW-IP protocols, has a traceroute mode, the ability to send files between a covered channel, and many other features.

SQLmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection failures and takes over database servers. It comes with a powerful detection engine, many niche features for the latest penetration tester, and a wide range of switches that last from fingerprinting to database data collection, access to the underlying file system, and command execution on the operating system.

WebScarab is a framework for analysing applications that communicate using the HTTP and HTTPS protocols. It is written in Java, and therefore is portable to many platforms. WebScarab has several modes of operation, implemented by various plug-ins. In its most common use, WebScarab functions as an intercepting proxy, allowing the operator to review and modify requests created by the browser before sending them to the server, and to review and modify responses returned by the server before the browser receives them. . WebScarab can intercept both HTTP and HTTPS communications. The operator can also review the conversations (requests and responses) that passed through WebScarab.

Ncat is a feature-packed networking utility which reads and writes data across networks from the command line. Ncat was written for the Nmap Project as a much-improved reimplementation of the venerable Netcat. It uses both TCP and UDP for communication and is designed to be a reliable back-end tool to instantly provide network connectivity to other applications and users. Ncat will not only work with IPv4 and IPv6 but provides the user with a virtually limitless number of potential uses.

Kismet is a wireless network and device detector, sniffer, wardriving tool, and WIDS (wireless intrusion detection) framework.

Kismet works with Wi-Fi interfaces, Bluetooth interfaces, some SDR (software defined radio) hardware like the RTLSDR, and other specialized capture hardware.

John the Ripper (“JtR”) is one of those indispensable tools. It’s a fast password cracker, available for Windows, and many flavors of Linux. It’s incredibly versatile and can crack pretty well anything you throw at it.

Ettercap is a comprehensive suite for man-in-the-middle attacks. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols and includes many features for network and host analysis.

Virtual machines full of intentional security vulnerabilities. Exploit at will! Metasploitable is essentially a penetration testing lab in a box created by the Rapid7 Metasploit team.

Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be automatically updated.

Subscribe to our Newsletters!

Get breaking news, free eBooks and upcoming events delivered to your inbox!

Subscribe and get access to a Free Cyber Security Basics Course!

Don’t Stop Here

More To Explore

Critical Log4J Vulnerability

The Apache Software Foundation has released fixes to contain an actively exploited zero-day vulnerability affecting the widely-used Apache Log4j Java-based logging library that could be weaponized to execute