Tuesday, September 16, 2008

Hacking and Network Troubleshooting tools for Ubuntu Linux

Linux offers many tools and utilities for scanning for network vulnerabilities, cracking passwords and checking for possible intrusions. Please always keep in mind that these tools are not for harming systems, but for protecting them.

1. John the Ripper

John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported), Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It is one of the most popular password testing/breaking programs, as it combines a number of password crackers into one package and automatically detects password hash types. Besides several crypt(3) password hash types most commonly found on various Unix flavors, it supports Kerberos AFS and Windows NT/2000/XP/2003 LM hashes out of the box, plus several more with contributed patches.

2. Nmap (Network Mapper)

Nmap is great and it is my favorite network security scanner. It is used to discover computers and services on a computer network. It is a useful tool for network administrators for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap determines what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and both console and graphical versions are available.

3. Nessus

The Nessus® vulnerability scanner is the world leader in active scanners, featuring high-speed discovery, configuration auditing, asset profiling, sensitive data discovery and vulnerability analysis of your security posture.
It detects vulnerabilities on the tested systems such as:

- Vulnerabilities that allow a remote cracker to control or access sensitive data on a system.
- Misconfiguration (e.g. open mail relay, missing patches, etc.).
- Default passwords, a few common passwords, and blank/absent passwords on some system accounts. Nessus can also call Hydra (an external tool) to launch a dictionary attack.
- DoS attacks against the TCP/IP stack using mangled packets.

4. chkrootkit

chkrootkit (Check Rootkit) is a common Unix-based program intended to help network administrators check their systems for known rootkits. It is a Linux shell script. It is better to run it from a clean live CD. It is listed in the Top 100 Network Security Tools released by insecure.org.

5. Kismet

Kismet is an 802.11 layer 2 wireless network detector, sniffer, and intrusion detection system. Kismet will work with any wireless card which supports raw monitoring (rfmon) mode, and can sniff 802.11b, 802.11a, and 802.11g traffic.

It works by passively collecting packets, detecting standard named networks and hidden networks. It also detects sniffing programs, including NetStumbler, and a number of other wireless network attacks.

6. Netcat

Netcat is a computer networking utility for reading from and writing to network connections on TCP and UDP.


tcptrack is a sniffer which displays information about TCP connections it sees on a network interface.

Many others are available: Snort, hping, tcpdump, Wireshark, sniffit, nwatch, nast, rkhunter.
