Selecting Tools For Your Hacking Job

By Kevin Beaver, Stuart McClure

As with any project, if you don’t have the right tools for ethical hacking, accomplishing the task effectively is difficult. Having said that, just because you use the right tools doesn’t mean that you will discover all vulnerabilities.

Know your own limitations and those of your tools. Many security assessment tools generate false positives (reporting vulnerabilities that aren’t there) and false negatives (missing vulnerabilities that are). Others just skip right over certain classes of vulnerabilities altogether. If you’re performing tests such as social engineering or physical security assessments, you may miss weaknesses because security testing tools aren’t quite that smart.

Many tools focus on specific tests, and no tool can test for everything. For the same reason you wouldn’t drive in a nail with a screwdriver, you shouldn’t use a word processor to scan your network for open ports. This is why you need a set of specific tools that you can call on for the task at hand. The more (and better) tools you have, the easier your ethical hacking efforts are.

Make sure you’re using the right tool for the task:

  • To crack passwords, you need cracking tools like pwdump3 and Proactive Password Auditor. A general port scanner, such as SuperScan or Nmap, just won’t work for cracking passwords.
  • For an in-depth analysis of a Web application, a Web application assessment tool (such as N-Stalker or WebInspect) is more appropriate than a network analyzer (such as Ethereal).

When selecting the right security tool for the task, ask around. Get advice from your colleagues and from other people online. A simple groups search on Google or perusal of security portals, such as Security Focus, Search Security, and IT Security, often produces great feedback from other security experts.

Hundreds, if not thousands, of tools can be used for ethical hacking — from your own words and actions to software-based vulnerability assessment programs to hardware-based network analyzers. The following list runs down some of the great commercial, freeware, and open source security tools:

  • Cain and Abel
  • EtherPeek
  • SuperScan
  • QualysGuard
  • WebInspect
  • Proactive Password Auditor
  • LANguard Network Security Scanner
  • RFprotect Mobile
  • ToneLoc

The capabilities of many security and hacking tools are often misunderstood. This misunderstanding has cast a negative light on otherwise excellent and legitimate tools.

Some of these security testing tools are complex. Whichever tools you use, familiarize yourself with them before you start using them. Here are ways to do that:

  • Read the readme and/or online help files for your tools.
  • Study the user’s guides for your commercial tools.
  • Use the tools in a lab/test environment.
  • Consider formal classroom training from the security-tool vendor or another third-party training provider, if available.

Look for these characteristics in tools for ethical hacking:

  • Adequate documentation
  • Detailed reports on the discovered vulnerabilities, including how they may be exploited and fixed
  • General industry acceptance
  • Availability of updates and support
  • High-level reports that can be presented to managers or nontechie types

These features can save you a ton of time and effort when you’re performing your tests and writing your final reports.