While the title of this article, "Hacking Software," may have gotten your attention, it actually refers to a range of software and applications that are widely used by hackers and security professionals alike. In effect, by building a network lab, you are creating an environment in which you can (and must) ethically hack. And while on this topic, it should also be made clear that you should never run any tools.
The objective is to keep it legal while you increase your knowledge. Many pieces of software can be used for good or malicious purposes. For example, consider port scanners. While attackers use them to scan open ports that can be used for potential attacks, security professionals use port scanners to verify that ports truly are closed and that firewall rule sets are working.
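The defensive use of a port scanner described above can be shown as a small policy audit. This is an added example, not code from the original text; the function names and the loopback-only demo are assumptions made for illustration.

```python
import socket

def port_is_open(host, port, timeout=0.5):
    """Return True if a full TCP connect to host:port succeeds."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port)) == 0

def audit_policy(host, policy, timeout=0.5):
    """Compare observed port state with the state the rule set should produce.

    policy maps port -> "open" or "closed". Returns (port, expected, observed)
    for every mismatch; an empty list means the rules behave as intended.
    """
    findings = []
    for port, expected in sorted(policy.items()):
        observed = "open" if port_is_open(host, port, timeout) else "closed"
        if observed != expected:
            findings.append((port, expected, observed))
    return findings

def demo():
    """Constructed lab scenario that touches only 127.0.0.1."""
    # A listening socket stands in for a service the policy may or may not allow.
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(5)
    open_port = listener.getsockname()[1]
    # A bound but non-listening socket reserves a port that refuses connections.
    reserved = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    reserved.bind(("127.0.0.1", 0))
    closed_port = reserved.getsockname()[1]
    try:
        # Policy matches reality: no findings expected.
        good = audit_policy("127.0.0.1", {open_port: "open", closed_port: "closed"})
        # Policy says the service port must be closed: one finding expected.
        bad = audit_policy("127.0.0.1", {open_port: "closed", closed_port: "closed"})
    finally:
        listener.close()
        reserved.close()
    return open_port, good, bad

if __name__ == "__main__":
    port, good, bad = demo()
    print("policy matches:", good)
    print("policy violated:", bad)
```

In a lab, the policy dictionary would mirror the firewall rule set for a host you own, and any finding marks a rule that does not behave as written.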
Therefore, if you were going to make a short list of dual-use software, you might include the items in the following list. The best place to start gathering tools is http://sectools.org. This site, run by Insecure.Org, lists the top security tools, and has done so since 2000. Check out the site for a complete listing, but in the meantime here are the top ten:
■ Wireshark — Packet sniffer
■ Metasploit — Exploit framework
■ Nessus — Vulnerability assessment tool
■ Aircrack — Wireless exploitation tool
■ Diverse Windows exploitation tool
■ Netcat — Command-line back-end tunneling tool
■ tcpdump — Packet sniffer
■ John the Ripper — Password-recovery tool
■ Kismet — Wireless hacking tool
■ Burp Suite — Web proxy and web application tester
■ OWASP Web Proxy
■ Capsa Network Analyzer
■ BeEF browser exploit framework
■ IDA Pro
■ OWASP Xenotix Exploit Framework
■ FOCA Network Intelligence tool
A lot of other hacking tools are available, yet many, such as virus generators or remote access Trojans (RATs), have little or no practical purpose other than to spread malware and cause problems. This book won’t spend much time examining these types of tools, but just keep in mind they do exist.
Building your own security lab to serve as a laboratory environment for network security experimentation is not difficult to do, and it need not be particularly expensive. By applying some effort and taking a little time, you can cut your costs and still build a good test bed. By using some of the things that are likely already available to you and adding a few additional components, you can build a network in a couple of days.
The benefits are many. First, this provides a setting in which you can work with hacking tools without impacting other network users. If damage occurs, and you built the network intelligently, used virtual images, and backed up everything, it will be relatively easy to restore systems to their previous state. One key piece of this project is determining which operating systems to install. Because of their dominance in the marketplace, you need to install Windows and Linux operating systems.
Windows is the most popular desktop OS and is used extensively around the world. Understanding its vulnerabilities and how it is secured is an important component of building your own security lab. Linux is well positioned as a back-end server for many major firms around the world. Linux is also an important platform for security tool development.
Much of this is based on the open source nature of the OS. Open source means that you can search for a fix and even solicit the user community for help. Much like distributed computing, the result is that you have thousands of eyes and minds working on problems and glitches. Another important topic in this chapter concerned how to do more with less. This means finding a way to have more computer operating systems running with fewer physical computers.