You have countless hacking tools at your disposal, but they only hold value if you use them to their full potential. Our hacking tools cheat sheet will show you the best tools for specific jobs and how to use them.
Don’t waste your time hammering away at a problem to no avail when there is a perfect tool for the job collecting dust. Master these tools now and become the hacker you’ve always wanted to be.
Click here to download a pdf copy to keep with you, and read on to power up your hacking.
Table Of Contents
Basic Linux Networking Tools
SHOW IP CONFIGURATION:
# ip a lw
# dig stationx.net
CHANGE IP/MAC ADDRESS:
# ip link set dev eth0 down
# macchanger -m 23:05:13:37:42:21 eth0
# ip link set dev eth0 up
STATIC IP ADDRESS CONFIGURATION:
# ip addr add 10.5.23.42/24 dev eth0
REVERSE DNS LOOKUP:
# dig -x 10.5.23.42
OR USING AN NMAP SCRIP:
# nmap -sn -Pn stationx.net
COMBINE VARIOUS SOURCES FOR SUBDOMAIN ENUM:
# amass enum -src -brute -min-forrecursive
2 -d stationx.net
FIND OWNER/CONTACT OF DOMAIN OR IP ADDRESS:
# whois stationx.net
GET NAMESERVERS AND TEST FOR DNS ZONE TRANSFER:
# dig example.com ns
# dig example.com axfr @n1.example.com
GET HOSTNAMES FROM CT LOGS: SEARCH FOR:
%.stationx.net on https://crt.sh.
LISTEN ON TCP PORT:
# ncat -l -p 1337
CONNECT TO TCP PORT:
# ncat 10.5.23.42 1337
CREATE SELF-SIGNED CERTIFICATE:
# openssl req -x509 -newkey rsa:2048
-keyout key.pem -out cert.pem -nodes
CONNECT TO TLS SERVICE USING OPENSSL:
# openssl s_client -connect
TEST TLS SERVER CERTIFICATE AND CIPHERS:
# sslyze –regular 10.5.23.42:443
ONLINE TLS TESTS:
START TLS SERVER:
# ncat –ssl -l -p 1337 –ssl-cert
cert.pem –ssl-key key.pem
CONNECT TO TLS SERVICE:
# ncat –ssl 10.5.23.42 1337
SHOW CERTIFICATE DETAILS:
# openssl s_client -connect
10.5.23.42:1337 | openssl x509 -text
TCP TO TLS PROXY:
# socat TCP-LISTEN:2305,fork,reuseaddr
START PYTHON WEBSERVER ON PORT 2305:
# python3 -m http.server 2305
USEFUL CURL OPTIONS:
-k: Accept untrusted certificates
-d “foo=bar”: HTTP POST data
-H: “Foo: Bar”: HTTP header
-I: Perform HEAD request
-L: Follow redirects
-o foobar.html: Write output file
–proxy http://127.0.0.1:8080: Set proxy
PERFORM HTTP REQUEST:
# curl http://10.5.23.42:2305/?foo=bar
SCAN FOR COMMON FILES/APPLICATIONS/CONFIGS:
# nikto -host https://example.net
ENUMERATE COMMON DIRECTORY-/FILENAMES:
# gobuster dir -k -u
# arpspoof -t 10.5.23.42 10.5.23.1
SHOW ARP CACHE:
# ip neigh
# tcpdump [options] [filters]
USEFUL TCPDUMP FILTERS:
not arp: No ARP packets
port ftp or port 23: Only port 21 or 23
host 10.5.23.31: Only from/to host
net 10.5.23.0/24: Only from/to hosts in
OR A GRAPHICAL TOOL:
# ettercap -G
DELETE ARP CACHE:
# ip neigh flush all
USEFUL TCPDUMP OPTIONS:
# tcpdump [options] [filters]
-n: Disable name and port resolution
-A: Print in ASCII
-XX: Print in hex and ASCII
-w file: Write output PCAP file
-r file: Read PCAP file
Advanced sniffing using tshark or Wireshark.
SNIFFING OVER SSH ON A REMOTE HOST:
# ssh 10.5.23.42 tcpdump -w- port not
ssh | wireshark -k -i –
SHOW TRANSMITTED IMAGES:
SEARCH IN NETWORK TRAFFIC:
# ngrep -i password
SHOW HTTP GET REQUESTS:
# nmap -n -sn -PR 10.5.23.0/24
SCAN FOR VULNERABILITIES (SCRIPT CATEGORY FILTER):
DISABLE SMB AND HTTP IN RESPONDER.CONF AND START RESPONDER:
# ./Responder.py -I eth0
NTLM RELAY TO TARGET AND EXTRACT SAM FILE:
# ./ntlmrelayx.py -smb2support -t
ACCESS FILES VIA SOCKS PROXY:
# proxychains smbclient -m smb3
‘\10.5.23.42C$’ -W pc05 -U
Use SharpHound to gather information and import into Bloodhound to analyze.
Download PingCastle from pingcastle.com and generate Report.
Frequently Asked Questions
What do most hackers use to hack?
There are several tools hackers use to perform hacking. Most commonly, hackers will use:
• Nmap to scan a network • Tools like Netcat or Meterpreter to catch shells • Hashcat for password cracking • Metasploit to manage sessions and launch exploits • Mimikatz for Windows credentials gathering
But there are many more tools available, as you can see above.
What is the first step of hacking?
Assuming you’ve already gone through the process of getting written permission from the system owner to perform a test and confirmed you were given the correct target IP address, scanning and enumeration would be the first step (sometimes simply referred to as reconnaissance).
Is hacking a crime?
Hacking is not a crime, but hacking a system without the permission of the owner is a crime and can carry very steep legal repercussions.
What coding do hackers use?
Hackers are usually familiar with scripting languages such as Bash, Powershell, and Python. Other coding languages can depend on your specialty (such as C for exploit developers or Java for web application penetration testers).
Which type of hacker is best?
If by types you are referring to:
• White hat (ethical hackers auditing systems with permission) • Black hat (criminal hackers usually seeking to damage a system) • Grey hat (hackers with good intentions but still hack a system without permission) • Red hat hackers (vigilantes who hack black hat hackers)
Then we much prefer white hats. They seek to make the internet a safer place and always with the consent of the system owner. They also benefit from not facing criminal charges and, on average, make more money than the other types.
What do hackers want?
Different hackers want different things. Some want to help defend systems the legal way, some want to defend systems the illegal way, some want to damage systems for fun or profit, and others have different motivations entirely.
The one thing in common is that hackers want to see how a system works and try to make it act in a way it wasn’t designed to.
Nathan House is the founder and CEO of StationX. He has over 25 years of experience in cyber security, where he has advised some of the largest companies in the world. Nathan is the author of the popular “The Complete Cyber Security Course”, which has been taken by over half a million students in 195 countries. He is the winner of the AI “Cyber Security Educator of the Year 2020” award and finalist for Influencer of the year 2022.