Hacking Tools are computer programs and scripts that help hackers and security researchers find and exploit weaknesses in computer systems, web applications, servers, and networks. There is a variety of such tools available on the market.

Some of them are open source while others are the commercial solution. Some are dedicated to Windows users meanwhile another is only made for Linux lovers. In this article, we will discuss in brief the top 20 tools that are widely used to prevent hacking and getting unauthorized access to a computer or network system.



Nmap stands for Network Mapper. It is an open-source tool that is used widely for network discovery and security auditing. Nmap was originally designed to scan large networks, but it can work equally well for single hosts. Network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.

Nmap uses raw IP packets to determine

  • What hosts are available on the network.
  • What services those hosts are offering.
  • What operating systems they are running on.
  • What type of firewalls are in use and other such characteristics.

Nmap runs on all major computer operating systems such as Windows, Mac OS X, and Linux.



Metasploit is one of the most powerful exploit tools. It’s a product of Rapid7 and most of its resources can be found at www.metasploit.com. It comes in two versions which are commercial and free edition. Metasploit can be used with the command prompt or with Web UI.

With Metasploit, you can perform the following operations

  • Conduct basic penetration tests on small networks.
  • Run spot checks on the exploitability of vulnerabilities.
  • Discover the network or import scan data.
  • Browse exploit modules and run individual exploits on hosts.

The Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development. It is owned by Boston, Massachusetts-based security company Rapid7.



BurpSuite is a popular platform developed by PortSwigger that is widely used for performing security testing of web applications. It has various tools that work in collaboration to support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and exploiting security vulnerabilities.

BurpSuite is easy to use and provides the administrators with full control to combine advanced manual techniques with automation for efficient testing. Burp can be easily configured and it contains features to assist even the most experienced testers with their work.



Angry IP Scanner is a lightweight, cross-platform IP address and port scanner. It can scan IP addresses in any range. It can be freely copied and used anywhere. To increase the scanning speed, it uses a multithreaded approach, wherein a separate scanning thread is created for each scanned IP address.

Angry IP Scanner simply pings each IP address to check if it’s alive, and then, it resolves its hostname, determines the MAC address, scans ports, etc. The amount of gathered data about each host can be saved to TXT, XML, CSV, or IP-Port list files. With the help of plugins, Angry IP Scanner can gather any information about scanned IPs.



John the Ripper is a fast password cracker, currently available for many flavors of Unix, macOS, Windows, DOS, BeOS, and OpenVMS. Historically, its primary purpose is to detect weak Unix passwords. These days, besides many Unix crypt(3) password hash types, supported in "-jumbo" versions are hundreds of additional hashes and ciphers.

John the Ripper is free and Open Source software, distributed primarily in source code form. If you would rather use a commercial product tailored for your specific operating system, please consider John the Ripper Pro, which is distributed primarily in the form of "native" packages for the target operating systems and in general is meant to be easier to install and use while delivering optimal performance.

Some of the Features

  • John the Ripper is free and Open Source software.
  • Proactive password strength checking module.
  • It allows online browsing of the documentation.
  • Support for many additional hash and cipher types.
  • Allows browsing the documentation online including a summary of changes between two versions.

Initially developed for the Unix operating system John the Ripper now runs on fifteen different platforms (eleven of which are architecture-specific versions of Unix, DOS, Win32, BeOS, and OpenVMS). It is one of the most popular password testings and breaking programs as it combines several password crackers into one package, autodetects password hash types, and includes a customizable cracker.



Ettercap stands for Ethernet Capture. It is a network security tool for Man-in-the-Middle attacks. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. Ettercap has inbuilt features for network and host analysis. It supports active and passive dissection of many protocols.

Ettercap is a comprehensive suite for man in the middle attacks. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols and includes many features for network and host analysis.

You can run Ettercap on all the popular operating systems such as Windows, Linux, and Mac OS X.

Some of the Features

  • Supports active and passive dissection of many protocols.
  • ARP poisoning to sniff on a switched LAN between two hosts.
  • Characters can be injected into a server or to a client while maintaining a live connection.
  • Ettercap is capable of sniffing an SSH connection in full-duplex.
  • Allows sniffing of HTTP SSL secured data even when the connection is made using the proxy.
  • Allows creation of custom plugins using Ettercap's API.

Ettercap works by putting the network interface into promiscuous mode and by ARP poisoning the target machines. Thereby it can act as a 'man in the middle' and unleash various attacks on the victims. Ettercap has plugin support so that the features can be extended by adding new plugins.



WireShark is the world’s foremost and widely-used network protocol analyzer. It lets you see what’s happening on your network at a microscopic level and is the de facto standard across many commercial and non-profit enterprises, government agencies, and educational institutions.

Wireshark development thrives thanks to the volunteer contributions of networking experts around the globe and is the continuation of a project started by Gerald Combs in 1998.

Wireshark has a rich feature set which includes the following:

  • Deep inspection of hundreds of protocols, with more being added all the time.
  • Live capture and offline analysis.
  • Standard three-pane packet browser.
  • Multi-platform: Runs on Windows, Linux, macOS, Solaris, FreeBSD, NetBSD, and many others.
  • Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility.
  • The most powerful display filters in the industry.
  • Rich VoIP analysis.
  • Capture files compressed with gzip can be decompressed on the fly.
  • Coloring rules can be applied to the packet list for quick, intuitive analysis.
  • Output can be exported to XML, PostScript®, CSV, or plain text.

Another important point it's WireShark is cross-platform, using the Qt widget toolkit in current releases to implement its user interface, and using pcap to capture packets; it runs on Linux, macOS, BSD, Solaris, some other Unix-like operating systems, and Microsoft Windows. There is also a terminal-based (non-GUI) version called TShark. Wireshark, and the other programs distributed with it such as TShark, are free software, released under the terms of the GNU General Public License.



Aircrack-NG is a complete suite of tools to assess WiFi network security. All tools are command line which allows for heavy scripting. A lot of GUIs have taken advantage of this feature. Aircrack-NG works primarily Linux but also Windows, OS X, FreeBSD, OpenBSD, NetBSD, as well as Solaris and even eComStation 2.

It focuses on different areas of WiFi security

  • Packet capture and export of data to text files for further processing by third-party tools.
  • Replay attacks, de-authentication, fake access points, and others via packet injection.
  • Checking WiFi cards and driver capabilities.
  • Cracking WEP and WPA PSK (WPA1 and WPA2).

Aircrack-ng is a network software suite consisting of a detector, packet sniffer, WEP and WPA/WPA2-PSK cracker and analysis tool for 802.11 wireless LANs. Another important point to consider, Aircrack-NG runs under Linux, FreeBSD, macOS, OpenBSD, and Windows; the Linux version is packaged for OpenWrt and has also been ported to the Android, Zaurus PDA, and Maemo platforms and a proof of concept port has been made to the iPhone.



NetSparker is a scalable, multi-user web application security solution with built-in workflow and reporting tools ideal for security teams. It’s available as a hosted and self-hosted solution and can be fully integrated with any development or testing environment.

Some of the Features

  • Accurate Reports with Proof-Based Scanning.
  • Scan All Your Web Assets.
  • Advanced Scanning & Crawling Technology.
  • Identify the Most Complex Vulnerabilities.
  • Practical Vulnerability Details.
  • Include All the Team to Boost Security.
  • Automate Vulnerability Triage & Management.
  • Integration in the SDLC, DevOps & Other Environments.
  • Built-In Tools for Advanced Assessments.

Netsparker is an easy to use yet advanced web security solution that can easily scale up and automatically find vulnerabilities in hundreds and thousands of web applications and web services within a matter of hours. NetSparker It can also be easily integrated within your secure SDLC.



Acunetix is a fully automated pen-testing solution that reproduces hacker vision and action to keep one step ahead of malicious intruders. The web application security scanner accurately scans HTML5, JavaScript and Single-page applications.

Some of the Features

  • Detect over 4500 web application vulnerabilities.
  • Scan open-source software and custom-built applications.
  • Detect critical vulnerabilities with 100% Accuracy.
  • DeepScan for crawling AJAX-heavy client-side single-page applications.
  • Industry’s most advanced SQL Injection and Cross-site Scripting (XSS) testing tools.
  • Highest rate of detection of WordPress vulnerabilities.
  • Fast & Scalable crawl hundreds of thousands of pages without interruptions.
  • Integrates with popular WAFs and Issue Trackers to aid in the SDLC.

Furthermore, Acunetix can audit complex, authenticated web apps and issues compliance and management reports on a wide range of web and network vulnerabilities.



Tor Browser is free and open-source software for enabling anonymous communication. The name is derived from an acronym for the original software project name "The Onion Router". Tor directs Internet traffic through a free, worldwide, volunteer overlay network consisting of more than seven thousand relays to conceal a user's location and usage from anyone conducting network surveillance or traffic analysis.

  • Tor Browser isolates each website you visit so third-party trackers and ads can't follow you. Any cookies automatically clear when you're done browsing. So will your browsing history.
  • Tor Browser prevents someone from watching your connection from knowing what websites you visit. All anyone monitoring your browsing habits can see is that you're using Tor.
  • Tor Browser aims to make all users look the same making it difficult for you to be fingerprinted based on your browser and device information.

Using Tor Browser makes it more difficult to trace Internet activity to the user. This includes "visits to Web sites, online posts, instant messages, and other communication forms". Tor's intended use is to protect the personal privacy of its users, as well as their freedom and ability to conduct confidential communication by keeping their Internet activities unmonitored.



Hashcat is the self-proclaimed world's fastest password recovery tool. It had a proprietary code base until 2015 but is now released as open-source software. Versions are available for Linux, OS X, and Windows and can come in CPU-based or GPU-based variants. Examples of hashcat-supported hashing algorithms are Microsoft LM hashes, MD4, MD5, SHA-family, Unix Crypt formats, MySQL, and Cisco PIX.

Some of the Features

  • Multi-Platform (CPU, GPU, DSP, FPGA, etc., everything that comes with an OpenCL runtime).
  • Multi-Hash (Cracking multiple hashes at the same time).
  • Multi-Devices (Utilizing multiple devices in the same system).
  • Multi-Device-Types (Utilizing mixed device types in the same system).
  • Supports password candidate brain functionality.
  • Supports distributed cracking networks (using overlay).
  • Supports interactive pause/resume.
  • Supports sessions.
  • Supports restore.
  • Supports reading password candidates from file and stdin.
  • Supports hex-salt and hex-charset.
  • Supports automatic performance tuning.
  • Supports automatic keyspace ordering markov-chains.
  • Built-in benchmarking system.
  • Integrated thermal watchdog.
  • 200+ Hash-types implemented with performance in mind.

Hashcat has made its way into the news many times for the optimizations and flaws discovered by its creator, which were exploited in subsequent Hashcat releases.



Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of modern web applications.

Some of the Features

  • Cookie-jar/cookie-string support.
  • Custom header support.
  • SSL support with fine-grained options.
  • User-Agent spoofing.
  • Proxy support for SOCKS4, SOCKS4A, SOCKS5, HTTP/1.1, and HTTP/1.0.
  • Command-line Interface.
  • Web User Interface.
  • Pause/resume functionality.
  • High-performance asynchronous HTTP requests.

It is versatile enough to cover a lot of use cases, ranging from a simple command-line scanner utility to a global high-performance grid of scanners, to a Ruby library allowing for scripted audits, to a multi-user multi-scan web collaboration platform. Besides, the simple REST API of Arachni makes integration a cinch.

14. VEGA


Vega is a free and open-source web security scanner and web security testing platform to test the security of web applications. Vega can help you find and validate SQL Injection, Cross-Site Scripting (XSS), inadvertently disclosed sensitive information and other vulnerabilities. It is written in Java, GUI based and runs on Linux, OS X, and Windows.

Some of the Features

  • Vega has a well-designed graphical user-interface.
  • Vega is written in Java and runs on Linux, OS X, and Windows.
  • Vega detection modules are written in Javascript. It is easy to create new attack modules using the rich API exposed by Vega.

Furthermore, Vega can help you find vulnerabilities such as reflected cross-site scripting, stored cross-site scripting, blind SQL injection, remote file include, shell injection, and others. Vega also probes for TLS / SSL security settings and identifies opportunities for improving the security of your TLS servers.



Kismet is a wireless network and device detector, sniffer, wardriving tool, and WIDS framework. Kismet works with Wi-Fi interfaces, Bluetooth interfaces, some SDR hardware like the RTLSDR, and other specialized capture hardware.

Furthermore, Kismet works on Linux, OSX, and, to a degree, Windows 10 under the WSL framework. On Linux, it works with most Wi-Fi cards, Bluetooth interfaces, and other hardware devices. On OSX it works with the built-in Wi-Fi interfaces, and on Windows 10 it will work with remote captures.

Some of the Features

  • Kismet includes basic wireless IDS features such as detecting active wireless sniffing programs including NetStumbler, as well as some wireless network attacks.
  • Kismet features the ability to log all sniffed packets and save them in a tcpdump/Wireshark or Airsnort compatible file format.
  • Kismet also features the ability to detect default or "not configured" networks, probe requests, and determine what level of wireless encryption is used on a given access point.
  • Kismet supports channel hopping. This means that it constantly changes from channel to channel non-sequentially, in a user-defined sequence with a default value that leaves big holes between channels (for example, 1-6-11-2-7-12-3-8-13-4-9-14-5-10).
  • Kismet also supports logging of the geographical coordinates of the network if the input from a GPS receiver is additionally available.

Kismet differs from other wireless network detectors in working passively. Namely, without sending any loggable packets, Kismet it can detect the presence of both wireless access points and wireless clients, and associate them with each other. It is also the most widely used and up to date open source wireless monitoring tool.



OpenSSL is a software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end. It is widely used by Internet servers, including the majority of HTTPS websites.

OpenSSL contains an open-source implementation of the SSL and TLS protocols. The core library, written in the C programming language, implements basic cryptographic functions and provides various utility functions. Wrappers allowing the use of the OpenSSL library in a variety of computer languages are available.

The OpenSSL Software Foundation (OSF) represents the OpenSSL project in most legal capacities including contributor license agreements, managing donations, and so on. OpenSSL Software Services (OSS) also represents the OpenSSL project, for Support Contracts.



Snort is a free open source network intrusion detection system (IDS) and intrusion prevention system (IPS) created in 1998 by Martin Roesch, founder and former CTO of Sourcefire. Snort is now developed by Cisco.

Snort's open source network-based intrusion detection/prevention system (IDS/IPS) can perform real-time traffic analysis and packet logging on Internet Protocol (IP) networks. Snort performs protocol analysis, content searching, and matching.

The program can also be used to detect probes or attacks, including, but not limited to, operating system fingerprinting attempts, semantic URL attacks, buffer overflows, server message block probes, and stealth port scans.

Snort can be configured in three main modes

  • Sniffer.
  • Packet logger.
  • Network intrusion detection.

In sniffer mode, the program will read network packets and display them on the console. In packet logger mode, the program will log packets to the disk. In intrusion detection mode, the program will monitor network traffic and analyze it against a rule set defined by the user. Snort will then perform a specific action based on what has been identified.



Netcat is a featured networking utility which reads and writes data across network connections, using the TCP/IP protocol. It is designed to be a reliable "back-end" tool that can be used directly or easily driven by other programs and scripts.

Some of the Features

  • Outbound and inbound connections, TCP or UDP, to or from any ports.
  • Featured tunneling mode which allows also special tunneling such as UDP to TCP, with the possibility of specifying all network parameters (source port/interface, listening port/interface, and the remote host allowed to connect to the tunnel.
  • Built-in port-scanning capabilities, with randomizer.
  • Advanced usage options, such as buffered send-mode (one line every N seconds), and hexdump (to stderr or a specified file) of transmitted and received data.
  • Optional RFC854 telnet codes parser and responder.

At the same time, Netcat it is a feature-rich network debugging and exploration tool since it can create almost any kind of connection you would need and has several interesting built-in capabilities.



RainbowCrack is a general propose implementation of Philippe Oechslin's faster time-memory trade-off technique. It cracks hashes with rainbow tables. RainbowCrack uses a time-memory tradeoff algorithm to crack hashes. It differs from brute force hash crackers.

Some of the Features

  • Full time-memory tradeoff tool suites, including rainbow table generation, sort, etc ...
  • Support rainbow table of any hash algorithm.
  • Support rainbow table of any charset.
  • Support rainbow table in raw file format (.rt) and compact file format (.rtc).
  • Computation on multi-core processor support.
  • GPU acceleration with NVIDIA GPUs (CUDA technology).
  • GPU acceleration with AMD GPUs (OpenCL technology).
  • GPU acceleration with multiple GPUs.
  • Runs on Windows operating systems.
  • Runs on Linux operating systems.
  • Unified rainbow table file format on all supported operating systems.
  • Command-line user interface.
  • Graphics user interface.

GPU acceleration is another key feature of RainbowCrack software. By offloading most runtime computation to NVIDIA/AMD GPU, overall hash cracking performance can be improved further.



Nessus scans cover a wide range of technologies including operating systems, network devices, hypervisors, databases, web servers, and critical infrastructure. The results of the scan can be reported in various formats, such as plain text, XML, HTML, and LaTeX. The results can also be saved in a knowledge base for debugging. On UNIX, scanning can be automated through the use of a command-line client. There exist many different commercial, free and open-source tools for both UNIX and Windows to manage individual or distributed Nessus scanners.

Vulnerabilities and exposures Nessus can scan for include

  • Vulnerabilities that could allow unauthorized control or access to sensitive data on a system.
  • Misconfiguration (e.g. open mail relay, missing patches, etc.).
  • Default passwords, a few common passwords, and blank/absent passwords on some system accounts. Nessus can also call Hydra (an external tool) to launch a dictionary attack.
  • Denials of service vulnerabilities

Nessus provides additional functionality beyond testing for known network vulnerabilities. For instance, it can use Windows credentials to examine patch levels on computers running the Windows operating system. Nessus can also support configuration and compliance audits, SCADA audits, and PCI compliance.