Linux is a hacker's dream operating system. It supports a huge number of tools and utilities for cracking passwords, scanning for network vulnerabilities, and detecting possible intrusions. Here is a collection of 10 of the best hacking and security software tools for Linux. Please keep in mind that these tools are meant to protect, not to harm.
1. John the Ripper
John the Ripper is a free password cracking tool initially developed for the Unix operating system. It is one of the most popular password testing/breaking programs because it combines several crackers into one package, autodetects the hash type, and includes a customizable cracker. It can be run against many hashed password formats, including the crypt(3) hash types most commonly found on Unix flavours (based on DES, MD5 or Blowfish), Kerberos/AFS, and the Windows NT/2000/XP/2003 LM hash. Additional modules extend it to MD4-based hashes (such as NTLM) and to passwords stored in LDAP, MySQL and others.
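To make the "autodetects password hash types" and "dictionary attack" parts concrete, here is an added Python example (not John's own code) that classifies a hash by its shape and then runs a small wordlist, with a few John-style mangling rules, against the unsalted formats the standard library can compute. The hashes and the wordlist are constructed for the demonstration; the salted crypt(3) formats are only detected, not cracked, since implementing those algorithms fast is exactly what john is for.

```python
import hashlib
import re

# Common crypt(3) prefixes. This table is the example's own assumption;
# john recognises many more formats than these.
CRYPT_PREFIXES = {
    "$1$": "md5crypt",
    "$2a$": "bcrypt",
    "$2b$": "bcrypt",
    "$5$": "sha256crypt",
    "$6$": "sha512crypt",
}

# Unsalted formats we can reproduce with hashlib alone.
RAW_HASHERS = {
    "raw-md5": lambda pw: hashlib.md5(pw.encode()).hexdigest(),
    "raw-sha1": lambda pw: hashlib.sha1(pw.encode()).hexdigest(),
    "raw-sha256": lambda pw: hashlib.sha256(pw.encode()).hexdigest(),
}


def detect_hash_type(h):
    """Guess the hash format from its shape, the way john's autodetect does.

    Shape is not proof: 32 hex characters could be raw MD5, NTLM (MD4 of the
    UTF-16LE password) or an LM hash pair, so the guess is a starting point
    and a real tool lets the user override it (john's --format=).
    """
    for prefix, name in CRYPT_PREFIXES.items():
        if h.startswith(prefix):
            return name
    if re.fullmatch(r"[0-9a-fA-F]{32}", h):
        return "raw-md5"
    if re.fullmatch(r"[0-9a-fA-F]{40}", h):
        return "raw-sha1"
    if re.fullmatch(r"[0-9a-fA-F]{64}", h):
        return "raw-sha256"
    if re.fullmatch(r"[./0-9A-Za-z]{13}", h):
        return "descrypt"  # traditional DES crypt: 2-char salt + 11 chars
    return "unknown"


def candidates(word):
    """A few mangling rules in the spirit of john's rule engine."""
    for base in (word, word.capitalize(), word.upper()):
        yield base
        for digit in "0123456789":
            yield base + digit


def crack_one(h, wordlist):
    """Return the plaintext for h if the wordlist (plus rules) finds it.

    Salted or iterated formats return None here: they need the format's own
    algorithm, which is what john ships optimized implementations of.
    """
    hasher = RAW_HASHERS.get(detect_hash_type(h))
    if hasher is None:
        return None
    target = h.lower()
    for word in wordlist:
        for cand in candidates(word):
            if hasher(cand) == target:
                return cand
    return None


def crack(hashes, wordlist):
    """Map every hash to its recovered plaintext (or None)."""
    return {h: crack_one(h, wordlist) for h in hashes}


# Constructed sample input: three hashes and a tiny wordlist. The sha512crypt
# entry is a made-up placeholder, not a real hash.
SAMPLE_MD5 = "5f4dcc3b5aa765d61d8327deb882cf99"          # md5("password")
SAMPLE_SHA1 = hashlib.sha1(b"Summer9").hexdigest()        # sha1("Summer9")
SAMPLE_SHA512CRYPT = "$6$examplesalt$notarealhashvalue"
WORDLIST = ["letmein", "summer", "password", "qwerty"]

if __name__ == "__main__":
    found = crack([SAMPLE_MD5, SAMPLE_SHA1, SAMPLE_SHA512CRYPT], WORDLIST)
    for h, pw in found.items():
        print(f"{detect_hash_type(h):>12}  {h[:20]:<22} -> {pw}")
```

The rule loop is where the cost lives: three case variants times eleven suffixes turns a four-word list into 132 hash computations per target, which is why john's rules are applied per word and the hash function is the thing worth optimizing.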
2. Nmap
Nmap is my favorite network security scanner. It is used to discover hosts and services on a network, creating a "map" of it. Like many simple port scanners, Nmap can discover services on a network even when they do not advertise themselves through a service discovery protocol. In addition, Nmap can often determine details about the remote hosts: operating system, device type, uptime, the software product running a service and its exact version number, the presence of some firewall techniques and, on a local area network, even the vendor of the remote network card.
Nmap runs on Linux, Microsoft Windows, Solaris and BSD (including Mac OS X), and also on AmigaOS. Linux is the most popular Nmap platform and Windows the second most popular.
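The two things the paragraph above credits to Nmap, finding which ports answer and reading the service's own greeting to name the product and version, are small enough to show in code. The following is an added Python example, not Nmap's code: a TCP connect scan with banner grabbing, run only against a stand-in listener it starts itself on 127.0.0.1 (the SSH banner it serves is constructed, not a real sshd).

```python
import re
import socket
import threading


def scan_port(host, port, timeout=0.5):
    """Probe one TCP port with a full connect() and return (state, banner).

    state uses nmap's vocabulary: 'open' (handshake completed), 'closed'
    (RST came back), 'filtered' (no answer before the timeout). banner is
    whatever the service sent unprompted, b'' if nothing arrived. A connect
    scan is nmap's -sT; its default -sS half-open scan needs raw sockets.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
        except ConnectionRefusedError:
            return ("closed", b"")
        except OSError:  # includes socket.timeout
            return ("filtered", b"")
        try:
            banner = s.recv(256)
        except OSError:
            banner = b""
        return ("open", banner)


def identify(banner):
    """Tiny version-detection table keyed on the greeting.

    nmap's real engine (nmap-service-probes) sends protocol-specific probes
    and matches thousands of signatures; this one only knows the SSH
    identification string and the '220 <host> <software>' greeting that
    SMTP and FTP servers send.
    """
    text = banner.decode("ascii", "replace").strip()
    m = re.match(r"SSH-(\d\.\d)-(\S+)", text)
    if m:
        return {"service": "ssh", "protocol": m.group(1), "software": m.group(2)}
    m = re.match(r"220[ -](\S+)\s+(.*)", text)
    if m:
        return {"service": "smtp-or-ftp", "host": m.group(1), "software": m.group(2)}
    return {"service": "unknown", "software": text or None}


def scan(host, ports):
    """Return {port: (state, banner, identification)} for each port."""
    results = {}
    for port in ports:
        state, banner = scan_port(host, port)
        results[port] = (state, banner, identify(banner) if banner else None)
    return results


def start_fake_service(banner):
    """Stand-in for a real daemon: listen on an ephemeral 127.0.0.1 port and
    greet every client with `banner`. Returns (port, listening_socket);
    closing the socket stops the serving thread."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return port, srv


def free_port():
    """Pick a localhost port nothing listens on (bind, read it, release)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def demo():
    """Scan one fake OpenSSH listener and one closed port.
    Returns (open_port, closed_port, results)."""
    open_port, srv = start_fake_service(b"SSH-2.0-OpenSSH_8.9p1 Ubuntu-3\r\n")
    closed_port = free_port()
    try:
        return open_port, closed_port, scan("127.0.0.1", [open_port, closed_port])
    finally:
        srv.close()


if __name__ == "__main__":
    _, _, results = demo()
    for port, (state, banner, ident) in results.items():
        print(f"{port:>5}/tcp {state:<8} {ident or ''}")
```

Two things this makes visible that the paragraph does not: a connect scan completes the handshake, so it lands in the target's logs, which is why Nmap's default is the raw-socket SYN scan; and version detection is only as good as the signature table, so an unknown banner comes back as text rather than a product name.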
3. Nessus
Nessus is a comprehensive vulnerability scanner. Its goal is to detect potential vulnerabilities on the tested systems, such as:
- Vulnerabilities that allow a remote attacker to control a system or access sensitive data on it.
- Misconfigurations (e.g. an open mail relay, missing patches).
- Default passwords, a few common passwords, and blank/absent passwords on some system accounts. Nessus can also call Hydra (an external tool) to launch a dictionary attack.
- Denial of service against the TCP/IP stack using mangled packets.
Nessus is the world's most popular vulnerability scanner, estimated to be used by over 75,000 organizations worldwide. It took first place in the 2000, 2003 and 2006 security tools surveys from SecTools.Org.
4. chkrootkit
chkrootkit (Check Rootkit) is a common Unix program intended to help system administrators check their system for known rootkits. It is a shell script that uses common Unix/Linux tools such as strings and grep to search core system binaries for rootkit signatures, and that compares a traversal of the /proc filesystem with the output of the ps (process status) command to look for discrepancies.
It can be run from a "rescue disc" (typically a Live CD), or it can optionally use an alternative directory from which to run all of the commands it depends on. These techniques let chkrootkit trust those commands a bit more, since a rootkit that has replaced the system's own ps or ls is then not the one supplying the answers.
There are inherent limitations to the reliability of any program that attempts to detect compromises (such as rootkits and viruses). Newer rootkits may specifically attempt to detect and compromise copies of the chkrootkit programs, or take other measures to evade detection by them.
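The /proc-versus-ps discrepancy check described above is the one piece of chkrootkit that is simple enough to show whole, and it also shows the limitation the last paragraph warns about. Below is an added Python example, not chkrootkit's script: compare_views() runs on a constructed /proc listing and ps output, live_check() runs the same comparison on the host, and probe_pids() adds a second opinion that bypasses directory listing.

```python
import os
import re
import subprocess


def pids_from_proc(entries):
    """PIDs are the purely numeric directory names under /proc."""
    return {int(name) for name in entries if name.isdigit()}


def pids_from_ps(ps_text):
    """Pull the PID column out of ps output. Non-numeric lines (the header)
    are ignored, so both `ps -e` and `ps -e -o pid=` output parse."""
    pids = set()
    for line in ps_text.splitlines():
        m = re.match(r"\s*(\d+)\b", line)
        if m:
            pids.add(int(m.group(1)))
    return pids


def compare_views(proc_entries, ps_text, ignore=()):
    """Return (hidden, ghosts).

    hidden: PIDs present in /proc but missing from ps. A userland rootkit
            that trojans ps, or hooks readdir() in libc for ps only,
            produces exactly this.
    ghosts: PIDs ps reported that are not in /proc. Usually benign: ps lists
            itself and processes exit between the two snapshots, so a single
            ghost is noise, not evidence.
    `ignore` lets the caller drop its own PID and the ps child.
    """
    proc = pids_from_proc(proc_entries) - set(ignore)
    ps = pids_from_ps(ps_text) - set(ignore)
    return sorted(proc - ps), sorted(ps - proc)


def probe_pids(max_pid):
    """Second opinion that does not go through readdir(): ask the kernel
    about every PID with kill(pid, 0). EPERM still means the PID exists.
    A kernel rootkit that filters the syscall itself beats this too, which
    is why chkrootkit recommends running from a rescue disc."""
    found = set()
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)
        except ProcessLookupError:
            continue
        except PermissionError:
            pass
        found.add(pid)
    return found


def live_check():
    """Run the comparison on this host (needs a Linux /proc and ps)."""
    with subprocess.Popen(["ps", "-e", "-o", "pid="],
                          stdout=subprocess.PIPE, text=True) as p:
        ps_text = p.communicate()[0]
        ps_pid = p.pid
    entries = os.listdir("/proc")
    return compare_views(entries, ps_text, ignore=(os.getpid(), ps_pid))


# Constructed sample: a /proc listing and matching ps output in which PID
# 31337 is visible to the kernel but hidden from the (trojaned) ps.
SAMPLE_PROC = ["1", "2", "137", "4242", "31337", "self", "cpuinfo", "sys"]
SAMPLE_PS = """\
  PID TTY          TIME CMD
    1 ?        00:00:03 systemd
    2 ?        00:00:00 kthreadd
  137 ?        00:00:00 sshd
 4242 pts/0    00:00:00 bash
 5000 pts/0    00:00:00 ps
"""

if __name__ == "__main__":
    hidden, ghosts = compare_views(SAMPLE_PROC, SAMPLE_PS)
    print("hidden from ps:", hidden, "| reported by ps only:", ghosts)
    if os.path.isdir("/proc"):
        print("live:", live_check())
```

Note what the live run cannot tell you: if the rootkit hides the PID from readdir() on /proc itself (a kernel module or an LD_PRELOAD hook that also catches this script), both views agree and nothing is flagged. That is the reason for the rescue-disc advice above, and for the kill(pid, 0) sweep, which is a different code path the attacker also has to hook.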
5. Wireshark
Wireshark is a free packet sniffer used for network troubleshooting, analysis, software and communications protocol development, and education. In June 2006 the project was renamed from Ethereal due to trademark issues.
The functionality Wireshark provides is very similar to tcpdump's, but it has a GUI front-end and many more sorting and filtering options. It lets the user see all traffic passing over the network segment (usually Ethernet, though support for other media is being added) by putting the network interface into promiscuous mode. On a switched network, promiscuous mode alone only shows the traffic the switch delivers to that port, so seeing other hosts' traffic needs a mirror/SPAN port or a tap.
Wireshark uses the cross-platform GTK+ widget toolkit and runs on various operating systems including Linux, Mac OS X and Microsoft Windows. Released under the terms of the GNU General Public License, Wireshark is free software.
6. netcat
netcat is a networking utility for reading from and writing to network connections over either TCP or UDP.
Netcat was voted the second most useful network security tool in a 2000 poll conducted by insecure.org on the nmap users mailing list. In 2003 it took fourth place, a position it also held in the 2006 poll.
The original version of netcat is a Unix program. Its author is known as *Hobbit*, who released version 1.1 in March 1996.
The original netcat is portable across POSIX systems, and several implementations exist, including a rewrite from scratch known as GNU netcat.
7. Kismet
Kismet is a network detector, packet sniffer and intrusion detection system for 802.11 wireless LANs. It works with any wireless card that supports raw monitor mode and can sniff 802.11a, 802.11b and 802.11g traffic.
Unlike most other wireless network detectors, Kismet works passively: without sending any loggable packets it can detect the presence of both wireless access points and wireless clients, and associate them with each other.
Kismet also includes basic wireless IDS features, such as detecting active wireless sniffing programs (including NetStumbler) as well as a number of wireless network attacks.
8. hping
hping is a free packet generator and analyzer for the TCP/IP protocols. It is one of the de facto tools for security auditing and testing of firewalls and networks, and it was used to develop the idle scan technique (invented by the hping author), which is now implemented in the Nmap security scanner. The new version, hping3, is scriptable in Tcl and implements an engine for string-based, human-readable descriptions of TCP/IP packets, so that a programmer can write scripts for low-level packet manipulation and analysis in very little time.
Like most tools used in computer security, hping is useful to both system administrators and crackers (or script kiddies).
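The idle scan the paragraph credits to hping's author is worth seeing step by step, because it is the reason hping matters for firewall testing: the attacker never sends a packet carrying its own address to the target, only IP ID probes to a third "zombie" host. The following is an added Python simulation, not hping's code, and it sends no packets; the IP ID behaviour it models is the real mechanism, while the hosts, ports and counter values are constructed.

```python
# Packets are plain dicts with src, dst, dport and flags ("S", "SA", "R").


class Zombie:
    """An idle host whose IP ID field is a single global counter incremented
    on every packet it sends (the property the scan relies on). `chatter`
    models a zombie that is not actually idle: extra packets it sends on
    its own between the attacker's probes."""

    def __init__(self, start_ipid=1000, chatter=0):
        self.ipid = start_ipid
        self.chatter = chatter

    def send(self):
        self.ipid += 1
        return self.ipid

    def receive(self, pkt):
        # Unsolicited SYN/ACK -> answer with RST (costs one IP ID).
        # Unsolicited RST -> silently dropped (no packet, no increment).
        if pkt["flags"] == "SA":
            self.send()

    def background_traffic(self):
        for _ in range(self.chatter):
            self.send()


class Target:
    """The host being scanned. Replies go to the packet's *source* address,
    which is the whole trick: the attacker forges the zombie as source."""

    def __init__(self, open_ports, filtered_ports=()):
        self.open_ports = set(open_ports)
        self.filtered_ports = set(filtered_ports)

    def receive(self, pkt):
        if pkt["flags"] != "S" or pkt["dport"] in self.filtered_ports:
            return None  # dropped by a firewall: nothing goes back
        flags = "SA" if pkt["dport"] in self.open_ports else "R"
        return {"src": "target", "dst": pkt["src"], "flags": flags}


def probe_ipid(zombie):
    """Attacker sends a SYN/ACK to the zombie; the RST that comes back
    carries the zombie's current IP ID (what `hping3 -SA` lets you watch)."""
    zombie.receive({"src": "attacker", "dst": "zombie", "flags": "SA"})
    return zombie.ipid


def idle_scan(zombie, target, port):
    """One idle-scan round for one port.
    Returns 'open', 'closed|filtered' or 'inconclusive'."""
    before = probe_ipid(zombie)
    zombie.background_traffic()
    # Spoofed SYN: the source address is the zombie's, so any reply goes
    # to the zombie, never to the attacker.
    reply = target.receive({"src": "zombie", "dst": "target",
                            "dport": port, "flags": "S"})
    if reply is not None:
        zombie.receive(reply)
    zombie.background_traffic()
    after = probe_ipid(zombie)
    delta = after - before
    # delta 1: only our second probe made the zombie talk, so the target
    #          sent nothing (filtered) or a RST (closed): indistinguishable.
    # delta 2: the zombie also answered a SYN/ACK, so the port is open.
    if delta == 1:
        return "closed|filtered"
    if delta == 2:
        return "open"
    return "inconclusive"  # the zombie was not idle; pick a quieter one


def zombie_is_idle(zombie):
    """Sanity check before scanning: two probes with nothing of ours in
    between must differ by exactly 1, or the zombie is unusable."""
    a = probe_ipid(zombie)
    zombie.background_traffic()
    b = probe_ipid(zombie)
    return b - a == 1


def demo():
    """Constructed scenario: ports 22 and 80 open, 443 firewalled, 25 closed;
    one truly idle zombie and one that chatters three packets per step."""
    target = Target(open_ports={22, 80}, filtered_ports={443})
    quiet = Zombie()
    results = {port: idle_scan(quiet, target, port) for port in (22, 25, 80, 443)}
    noisy = Zombie(chatter=3)
    return results, zombie_is_idle(Zombie()), zombie_is_idle(noisy), idle_scan(noisy, target, 22)


if __name__ == "__main__":
    results, quiet_ok, noisy_ok, noisy_scan = demo()
    print(results, "idle zombie:", quiet_ok, "noisy zombie:", noisy_ok, noisy_scan)
```

The simulation makes two practical points explicit: the scan cannot separate closed from filtered, and it only works against a zombie with a predictable, global IP ID counter and no traffic of its own, which is why the first step in practice is probing the zombie several times and confirming the increments are exactly 1.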
9. Snort
Snort is a free and open source network intrusion prevention system (NIPS) and network intrusion detection system (NIDS) capable of packet logging and real-time traffic analysis on IP networks.
Snort performs protocol analysis and content searching/matching, and is commonly used to actively block or passively detect a variety of attacks and probes, such as buffer overflows, stealth port scans, web application attacks, SMB probes and OS fingerprinting attempts. The software is mostly used for intrusion prevention, dropping attacks as they take place. Snort can be combined with other software such as SnortSnarf, Sguil, OSSIM and the Basic Analysis and Security Engine (BASE) to provide a visual representation of intrusion data. With patches for the Snort source from Bleeding Edge Threats, packet-stream antivirus scanning with ClamAV and network anomaly detection with SPADE at layers 3 and 4, based on historical observation, are possible.
10. tcpdump
tcpdump is a common command-line network debugging tool. It lets the user intercept and display TCP/IP and other packets being transmitted or received over a network to which the computer is attached.
On some Unix-like operating systems a user must have superuser privileges to run tcpdump, because the packet capture mechanism on those systems requires them. The -Z option can then be used to drop privileges to a specified unprivileged user once capture has been set up, so that the protocol decoders, which parse untrusted data off the wire, do not run as root. On other Unix-like systems the capture mechanism can be configured to allow unprivileged users, in which case superuser privileges are not required.
The user may optionally apply a BPF-based filter expression (for example "tcp port 80 and not host 10.0.0.1") to limit the packets tcpdump sees; this makes the output more usable on networks with a high volume of traffic.
Do you have a favorite security software tool for Linux? Feel free to comment and tell us about it.