Ethical hacking tools used by penetration testers are often identical or very similar to the tools used by malicious hackers. One set of ethical hacking tools helps to locate a target network — wireless or not — find a way to access the network and then break any password or other security in place to prevent that access. Another set of tools is used once access to a network is acquired, allowing for fast file scanning, detection of operating system vulnerabilities, and penetration of a secured database to extract information. A whole separate set of tools is employed to test the preparedness of a website or online service against attacks such as denial of service (DoS) or the exploitation of web-based applications.
One of the ethical hacking tools used when testing a system’s security is called a network scanner. This software can locate wireless signals that are otherwise hidden from normal software and can help to locate the addresses of networks that are wired to the Internet. This allows a tester to find a point of access into a network to begin testing internal security. Network vulnerability scanners can be used once an access point is found, providing the tester with a list of the hardware and software being used on the network. At this point, password-cracking software can be employed to try permutations of alphanumeric strings to find a password, or to track network protocols in an attempt to extract the password from an intercepted data packet.
Inside a network, one of the most valuable of the ethical hacking tools is a vulnerability scanner. There are several types available, but their basic concept is to identify the hardware and software being used and then to use the specific vulnerabilities they contain to gain more critical access to areas within the system. On very secure networks, there are even ways through different setups or operating systems to allow a hacker to seize administrative control over a system.
Inside a system, utilities such as file scanners can be used to isolate information quickly. Database scanners can find hidden vulnerabilities to allow an entire database to be transferred out of the network. Exploit software can assist in finding which exploitable bugs or errors need to be repaired to prevent a system from being taken over completely by an intruder.
An entire range of ethical hacking tools are designed not to penetrate a network for data harvesting, but instead help to simulate attacks targeted at pure disruption of services. These include programs that perform DoS attacks, overloading a server and potentially shutting it down for a time, and tools that can break a web server, install a false proxy address for visitors, or even modify the way data is input and output from a scripted web application. There also are ethical hacking tools that can assist in determining how and if a real hacker could intercept traffic to and from a website, allowing them to extract credit card or password information from users, despite encryption protocols.