Ethical Hacking 简明教程

Ethical Hacking - Tools

在本章中,我们将简单探讨一些广泛用于防止黑客攻击和未经授权访问计算机或网络系统的著名工具。

In this chapter, we will discuss in brief some of famous tools that are widely used to prevent hacking and getting unauthorized access to a computer or network system.

NMAP

Nmap 代表网络映射器。它是一款开源工具,广泛用于网络发现和安全审核。Nmap 最初设计用于扫描大型网络,但它也可以同样很好地扫描单个主机。网络管理员还发现它对诸如网络清单、管理服务升级计划和监控主机或服务正常运行时间之类的任务很有用。

Nmap stands for Network Mapper. It is an open source tool that is used widely for network discovery and security auditing. Nmap was originally designed to scan large networks, but it can work equally well for single hosts. Network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.

Nmap uses raw IP packets to determine −

  1. what hosts are available on the network,

  2. what services those hosts are offering,

  3. what operating systems they are running on,

  4. what type of firewalls are in use, and other such characteristics.

Nmap 可以在诸如 Windows、Mac OS X 和 Linux 等所有主流计算机操作系统中运行。

Nmap runs on all major computer operating systems such as Windows, Mac OS X, and Linux.

Metasploit

Metasploit 是最强大的漏洞利用工具之一。它是 Rapid7 的产品,并且其大部分资源可以在 www.metasploit.com 上找到。它分为两个版本 − commercialfree edition 。Matasploit 可以通过命令提示符或 Web UI 来使用。

Metasploit is one of the most powerful exploit tools. It’s a product of Rapid7 and most of its resources can be found at: www.metasploit.com. It comes in two versions − commercial and free edition. Matasploit can be used with command prompt or with Web UI.

使用 Metasploit,你可以执行以下操作:

With Metasploit, you can perform the following operations −

  1. Conduct basic penetration tests on small networks

  2. Run spot checks on the exploitability of vulnerabilities

  3. Discover the network or import scan data

  4. Browse exploit modules and run individual exploits on hosts

Burp Suit

Burp Suite 是一个流行的平台,广泛用于执行 Web 应用程序的安全测试。它拥有各种协同工作的工具,支持整个测试过程,包括从应用程序攻击面的初始映射和分析到查找和利用安全漏洞。

Burp Suite is a popular platform that is widely used for performing security testing of web applications. It has various tools that work in collaboration to support the entire testing process, from initial mapping and analysis of an application’s attack surface, through to finding and exploiting security vulnerabilities.

Burp 易于使用,并且为管理员提供了完全的控制权,以便将高级手动技术与自动化相结合以进行高效测试。Burp 可以轻松配置,并且包含一些功能,即使是最有经验的测试人员也能在工作中使用它们。

Burp is easy to use and provides the administrators full control to combine advanced manual techniques with automation for efficient testing. Burp can be easily configured and it contains features to assist even the most experienced testers with their work.

Angry IP Scanner

Angry IP 扫描器是一款轻量级的跨平台 IP 地址和端口扫描器。它可以在任何范围内扫描 IP 地址。它可以自由地复制,并且可以在任何地方使用。为了提高扫描速度,它采用了多线程方法,其中为每个扫描的 IP 地址创建了一个单独的扫描线程。

Angry IP scanner is a lightweight, cross-platform IP address and port scanner. It can scan IP addresses in any range. It can be freely copied and used anywhere. In order to increase the scanning speed, it uses multithreaded approach, wherein a separate scanning thread is created for each scanned IP address.

Angry IP 扫描仪只需对每个 IP 地址执行 ping 以检查它是否处于活动状态,然后解析其主机名,确定 MAC 地址,扫描端口等。有关每个主机的收集的数据量可以保存到 TXT、XML、CSV 或 IP-端口列表文件中。借助插件,Angry IP 扫描仪可以收集有关扫描的 IP 的任何信息。

Angry IP Scanner simply pings each IP address to check if it’s alive, and then, it resolves its hostname, determines the MAC address, scans ports, etc. The amount of gathered data about each host can be saved to TXT, XML, CSV, or IP-Port list files. With help of plugins, Angry IP Scanner can gather any information about scanned IPs.

Cain & Abel

Cain & Abel 是 Microsoft 操作系统的密码恢复工具。它通过采用下列任何一种方法帮助轻松恢复各种类型的密码 -

Cain & Abel is a password recovery tool for Microsoft Operating Systems. It helps in easy recovery of various kinds of passwords by employing any of the following methods −

  1. sniffing the network,

  2. cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks,

  3. recording VoIP conversations,

  4. decoding scrambled passwords,

  5. recovering wireless network keys,

  6. revealing password boxes,

  7. uncovering cached passwords and analyzing routing protocols.

Cain & Abel 是一款非常实用的工具,适用于以下人群:安全顾问、专业渗透测试人员及打算出于道德原因使用该工具的人士。

Cain & Abel is a useful tool for security consultants, professional penetration testers and everyone else who plans to use it for ethical reasons.

Ettercap

Ettercap 的全称是 Ethernet Capture,它是一款用于针对中间人攻击的网络安全工具。它的功能包括嗅探活动连接、实时内容过滤以及其他许多有趣的小技巧。Ettercap 内置了网络和主机分析功能。它支持以主动和被动方式解析许多协议。

Ettercap stands for Ethernet Capture. It is a network security tool for Man-in-the-Middle attacks. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. Ettercap has inbuilt features for network and host analysis. It supports active and passive dissection of many protocols.

你可以在所有流行的操作系统(例如 Windows、Linux 及 Mac OS X)上运行 Ettercap。

You can run Ettercap on all the popular operating systems such as Windows, Linux, and Mac OS X.

EtherPeek

EtherPeek 是一款非常棒的工具,它可以在多协议异构网络环境中简化网络分析。EtherPeek 是一款体积小巧(不足 2 MB)的工具,可以轻松地在数分钟内完成安装。

EtherPeek is a wonderful tool that simplifies network analysis in a multiprotocol heterogeneous network environment. EtherPeek is a small tool (less than 2 MB) that can be easily installed in a matter of few minutes.

EtherPeek 会主动嗅探网络上的流量数据包。在默认情况下,EtherPeek 支持以下协议:AppleTalk、IP、IP 地址解析协议 (ARP)、NetWare、TCP、UDP、NetBEUI 及 NBT 数据包。

EtherPeek proactively sniffs traffic packets on a network. By default, EtherPeek supports protocols such as AppleTalk, IP, IP Address Resolution Protocol (ARP), NetWare, TCP, UDP, NetBEUI, and NBT packets.

SuperScan

SuperScan 是一款非常强大的工具,网络管理员可以利用它来扫描 TCP 端口并解析主机名。它具有一个用户友好界面,可以用来:

SuperScan is a powerful tool for network administrators to scan TCP ports and resolve hostnames. It has a user friendly interface that you can use to −

  1. Perform ping scans and port scans using any IP range.

  2. Scan any port range from a built-in list or any given range.

  3. View responses from connected hosts.

  4. Modify the port list and port descriptions using the built in editor.

  5. Merge port lists to build new ones.

  6. Connect to any discovered open port.

  7. Assign a custom helper application to any port.

QualysGuard

QualysGuard 包含了一套工具,可简化安全操作并降低合规成本。它可以按需提供重要的安全情报,并针对 IT 系统和 Web 应用程序自动执行审计、合规性和保护的全方位服务。

QualysGuard is an integrated suite of tools that can be utilized to simplify security operations and lower the cost of compliance. It delivers critical security intelligence on demand and automates the full spectrum of auditing, compliance and protection for IT systems and web applications.

QualysGuard 包含了一组可监控、检测和保护你的全球网络的工具。

QualysGuard includes a set of tools that can monitor, detect, and protect your global network.

WebInspect

WebInspect 是一款 Web 应用程序安全评估工具,它用于识别 Web 应用程序层中已知和未知的漏洞。

WebInspect is a web application security assessment tool that helps identify known and unknown vulnerabilities within the Web application layer.

它还可以帮助检查 Web 服务器是否配置正确,并尝试进行常见的 Web 攻击,例如参数注入、跨站点脚本编写、目录遍历等。

It can also help check that a Web server is configured properly, and attempts common web attacks such as parameter injection, cross-site scripting, directory traversal, and more.

LC4

LC4 之前称为 L0phtCrack 。它是一款密码审核与恢复应用程序。它用于测试密码强度和恢复丢失的 Microsoft Windows 密码(有时会使用字典、暴力破解和混合攻击)。

LC4 was formerly known as L0phtCrack. It is a password auditing and recovery application. It is used to test password strength and sometimes to recover lost Microsoft Windows passwords, by using dictionary, brute-force, and hybrid attacks.

LC4 会恢复 Windows 用户帐户密码,以簡化将用户迁移到另一个身份验证系统或访问密码丢失的帐户。

LC4 recovers Windows user account passwords to streamline migration of users to another authentication system or to access accounts whose passwords are lost.

LANguard Network Security Scanner

LANguard Network Scanner通过扫描连接的计算机并提供每个节点的信息来监控网络。你可以获得有关每个单独的操作系统的信息。

LANguard Network Scanner monitors a network by scanning connected machines and providing information about each node. You can obtain information about each individual operating system.

它还可以检测注册表问题,并设置 HTML 格式的报告。对于每台计算机,你可以列出 netbios 名称表、当前登录用户和 Mac 地址。

It can also detect registry issues and have a report set up in HTML format. For each computer, you can list the netbios name table, current logged-on user, and Mac address.

Network Stumbler

Network stumbler is a WiFi scanner and monitoring tool for Windows. It allows network professionals to detect WLANs. It is widely used by networking enthusiasts and hackers because it helps you find non-broadcasting wireless networks.

Network Stumbler can be used to verify if a network is well configured, its signal strength or coverage, and detect interference between one or more wireless networks. It can also be used to non-authorized connections.

ToneLoc

ToneLoc stands for Tone Locator. It was a popular war dialling computer program written for MS-DOS in the early 90’s. War dialling is a technique of using a modem to automatically scan a list of telephone numbers, usually dialling every number in a local area code.

恶意黑客利用产生的列表突破计算机安全,如猜测用户帐户或定位可作为入口点进入计算机或其他电子系统的调制解调器。

Malicious hackers use the resulting lists in breaching computer security - for guessing user accounts, or locating modems that might provide an entry-point into computer or other electronic systems.

安全人员可利用它检测公司电话网络上的未授权设备。

It can be used by security personnel to detect unauthorized devices on a company’s telephone network.