🛠️ Tools and Techniques

Master the essential tools and methods used by ethical hackers and security researchers

Overview

The right tools make all the difference in cybersecurity. From passive reconnaissance to exploitation and reporting, every phase of ethical hacking relies on specialized utilities and frameworks. This guide introduces must-know tools, how they work, and when to use them effectively.

🧰 Tool Categories and Use Cases

🔍 Reconnaissance

  • theHarvester: Gathers emails, domains, and subdomains from public sources
  • Sublist3r: Rapid subdomain enumeration using OSINT techniques
  • Shodan: Search engine for Internet-connected devices

🌐 Scanning and Enumeration

  • Nmap: Industry standard for port scanning and service discovery
  • Masscan: Extremely fast scanner for large networks
  • WhatWeb: Identifies web technologies and CMS platforms

🔓 Exploitation Frameworks

  • Metasploit: Powerful framework for exploit development and post-exploitation
  • SQLmap: Automated SQL injection detection and exploitation
  • XSStrike: Advanced XSS detection suite

📂 Directory & File Enumeration

  • Gobuster: Brute-force URIs and DNS subdomains
  • Dirsearch: Directory brute-forcing with powerful options

📦 Miscellaneous Tools

  • Burp Suite: Web application proxy for testing and modifying HTTP traffic
  • Netcat: Network tool for banner grabbing, reverse shells, and more
  • John the Ripper: Password cracker supporting multiple hash formats

🔧 Practical Usage Examples

# Run Nmap for port scanning and service detection
nmap -sS -sV -T4 192.168.1.1

# Use Sublist3r for subdomain discovery
sublist3r -d example.com

# Directory brute-forcing with Gobuster
gobuster dir -u https://example.com -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt

# SQL injection detection with SQLmap
sqlmap -u "https://example.com/page.php?id=5" --batch --dbs

💡 Tips and Best Practices

📚 Recommended Resources