- Kali Linux or Backtrack 5
- BackBox
- DEFT
- Pentoo
- NodeZero
- Anonymous OS
In cryptanalysis and computer security, password cracking is the process of recovering passwords from data that have been stored in or transmitted by a computer system. A common approach (brute-force attack) is to try guesses repeatedly for the password and check them against an available cryptographic hash of the password.
The purpose of password cracking might be to help a user recover a forgotten password (installing an entirely new password is less of a security risk, but it involves System Administration privileges), to gain unauthorized access to a system, or as a preventive measure by System Administrators to check for easily crackable passwords. On a file-by-file basis, password cracking is utilized to gain access to digital evidence for which a judge has allowed access but the particular file's access is restricted.
Cracking of wireless networks is the defeating of security devices in Wireless local-area networks. Wireless local-area networks(WLANs) – also called Wi-Fi networks are inherently vulnerable to security lapses that wired networks are exempt from.
Cracking is a kind of information network attack that is akin to a direct intrusion. There are two basic types of vulnerabilities associated with WLANs: those caused by poor configuration and those caused by weak encryption.
Network traffic monitoring is the process of reviewing, analyzing and managing network traffic for any abnormality or process that can affect network performance, availability and/or security.
It is a network management process that uses various tools and techniques to study computer network-based communication/data/packet traffic.
A Security fuzzer is a tool used by security professionals (and professional hackers :) to test a parameter of an application. Typical fuzzers test an application for buffer overflows, format string vulnerabilities, and error handling. More advanced fuzzers incorporate functionality to test for directory traversal attacks, command execution vulnerabilities, SQL Injectionand Cross Site Scripting vulnerabilities. Web Vulnerability scanners typically perform all of this functionality, and can be considered an advanced fuzzer.
A debugger or debugging tool is a computer program that is used to test and debug other programs (the "target" program). The code to be examined might alternatively be running on an instruction set simulator (ISS), a technique that allows great power in its ability to halt when specific conditions are encountered.
Encryption software is software that can encrypt and decrypt data, often in the form of files on a hard drive or packets sent over a network.
An intrusion detection system (IDS) is a device or software application that monitors network or system activities for malicious activities or policy violations and produces reports to a management station. IDS come in a variety of "flavors" and approach the goal of detecting suspicious traffic in different ways.
A software vulnerability is a security flaw, glitch, or weakness found in software or in an operating system (OS) that can lead to security concerns. So we can exploit this vulnerability using several tools like metasploit, sqlmap, etc.
Web Application Vulnerability Scanners are the automated tools that scan web applications to look for known security vulnerabilities such as cross-site scripting, SQL injection, command execution, directory traversal and insecure server configuration. A large number of both commercial and open source tools are available and and all these tools have their own strengths and weaknesses.
Digital forensics (sometimes known as digital forensic science) is a branch of forensic science encompassing the recovery and investigation of material found in digital devices, often in relation to computer crime. Forensic tools help in collecting such data.
These include tools like Netcat, Vmware, Socat, cURL, etc.
Please Share :)