Hacker Tools Top Five Our Recommended Pentesting Tools and Hacking Software For 2018

Nmap (Network Mapper)

Used to Scan Ports and Map Networks – and a whole bunch more!

Cost of Tool: Free

Nmap is an abbreviation of ‘Network Mapper’, and it’s very well known free open source hackers tool. Nmap is mainly used for network discovery and security auditing.

Literally, thousands of system admins all around the world will use nmap for network inventory, check for open ports, manage service upgrade schedules, and monitor host or service uptime.

Nmap, as a tool uses raw IP packets in creative ways to determine what hosts are available on the network, what services (application name and version) those hosts are providing information about, what operating systems (fingerprinting) and what type and version of packet filters/ firewalls are being used by the target.

There are dozens of benefits of using nmap, one of which is that fact that the admin user is able to determine whether the network (and associated nodes) need patching.

Nmap’s been featured in literally every hacker movie out there, not least the recent Mr. Robot series.

It’s also worth mentioning that there’s a GUI version of Nmap called ‘Zenmap’. We’d advise you to learn using Nmap (i.e. the ‘command line’) then rotate into Zenmap when you are feeling all confident.


Metasploit Penetration Testing Software

Vulnerability Exploitation Tool

Cost of Tool: Free & Paid

The Metasploit Project is a hugely popular pentesting or hacking framework.

Metasploit, along with nmap (see above) and Wireshark (see below) and probably the ‘best known’ three hacker software tools out there.

If you are new to Metasploit think of it as a ‘collection of hacking tools and frameworks’ that can be used to execute various tasks. Also – we should also add that if you have never heard of Metasploit and are interested in getting into the Cybersecurity Industry, especially as a Penetration Tester, then this is a ‘must-learn’ tool.

Most practical IT Security courses such as OSCP and CEH include a Metasploit component.

Widely used by cybersecurity professionals and penetration testers this is an awesome piece of software that you really out to learn.

Metasploit is essentially a computer security project (framework) that provides the user with vital information regarding known security vulnerabilities and helps to formulate penetration testing and IDS testing plans, strategies and methodologies for exploitation.

There’s a ton of incredibly useful Metasploit information out there and we hope that the books that we’ve chosen go someway to help you on your journey, not least if you are a beginner just starting out and looking for beginners tutorials in how to use Metasploit.


John The Ripper

Password Cracking Tool

Cost of Tool: Free

Quite frankly – this is the coolest named tool out there: John the Ripper.

Often you’ll see it abbreviated as ‘JTR’ this is an awesome bit of hacking software that is designed to crack even very complicated passwords.

John the Ripper, mostly just referred to as simply, ‘John’ is a popular password cracking pentesting tool that is most commonly used to perform dictionary attacks. John the Ripper takes text string samples (from a text file, referred to as a ‘wordlist’, containing popular and complex words found in a dictionary or real passwords cracked before), encrypting it in the same way as the password being cracked (including both the encryption algorithm and key), and comparing the output to the encrypted string. This tool can also be used to perform a variety of alterations to dictionary attacks.

If you are somewhat confused between John the Ripper and THC Hydra then think of John the Ripper as an ‘offline’ password cracker whilst THC Hydra is an “online” cracker. Simple.


THC Hydra

Password Cracking Tool

Cost of Tool: Free

We’ve purposely placed THC Hydra underneath John The Ripper because they often go ‘hand-in’hand’. THC Hydra (we’ve abbreviated to simply ‘Hydra’ throughout our site) is a hugely popular password cracker and has a very active and experienced development team. Essentially THC Hydra is a fast and stable Network Login Hacking Tool that will use dictionary or brute-force attacks to try various password and login combinations against an log in page. This hacking tool supports a wide set of protocols including Mail (POP3, IMAP, etc.), Databases, LDAP, SMB, VNC, and SSH. Take a look at John the Ripper as well.


OWASP Zed

Web Vulnerability Scanner

Cost of Tool: Free

The Zed Attack Proxy (ZAP) is now one of the most popular OWASP projects. The fact that you’ve reached this page means that you are likely already a relatively seasoned cybersecurity professional so it’s highly likely that you are very familiar with OWASP, not least the OWASP Top Ten Threats listing which is considered as being the ‘guide-book’ of web application security. This hacking and pentesting tool is a very efficient as well as being an ‘easy to use’ program that finds vulnerabilities in web applications. ZAP is a popular tool because it does have a lot of support and the OWASP community is really an excellent resource for those that work within Cyber Security. ZAP provides automated scanners as well as various tools that allow you the cyber pro to discover security vulnerabilities manually. Understanding and being able to master this tool would also be advantageous to your career as a penetration tester. If you are a developer then you have it’s obviously highly recommended that you learn how to become very proficient with this ‘hacker tool!’