Although 2020 has been the worst year since 1945, as last year, this year we made a ranking with the most popular tools between January and December 2020.
Today, statistics on major websites around the world (views, downloads, usage, etc.) have summarized the 20 most popular hacking tools in 2019 for everyone. The scope mainly focuses on information collection, Android hacking tools, automation tools, phishing, etc. Interested students should not miss it.
Take the top 20 models, but listed below in no particular order!
001 Hijacker v1.5
An all-in-one WiFi cracking tool for Android.
Project Address: HTTPS: // github.com/chrisk44/Hij Acker
Aircrack, Airodump, Aireplay, MDK3 and Reaver GUI applications for Android 5+. (Requires root)
feature
- View nearby wifi and device list
- Get access point information
- Cancel the connection of others
- Capture packets and more
002 Findomain v0.9.3
The fastest and cross-platform subdomain enumerator. (I was going to push it before, but it was ignored by mistakes)
Project address: https:// github.com/Edu4rdSHL/fi ndomain
Its biggest advantage is: fast
The test result is that 84110 subdomains are collected in 5.5 seconds.
feature
- Subdomain monitoring
- API query
- DNS over TLS support
- Determine whether the domain name is resolved
- Output as a file, etc.
003 EagleEye
Friends tracker, use image recognition and reverse image search to find their Instagram, FaceBook and Twitter profiles.
Project address: https:// github.com/ThoughtfulDe v/EagleEye
At least one friend's photo (.jpg file required) and name or nickname are required. (You can use docker for one-click installation)
Searching through portrait recognition is still very useful. For example, if you want a girl’s Twitter account, just grab a photo of her and some names or nicknames and search for it. (Of course, there are a lot of face bumps~)
004 ANDRAX v4 DragonFly
A penetration testing platform on Android.
Official Website: HTTPS: // andrax.thecrackertechnology.com /
Features
- Support Android5.0+, carry it with you
- Open source
- 900+ tools
- 1000+ attack types
Experience the hacking attack by swiping your phone in "Watch Dogs", and your heart is not as good as action.
005 CQTools
The latest Windows hacker toolkit.
Document: https:// cqureacademy.com/blog/b lack-hat-asia-2019-tools
Starting from sniffing and spoofing activities, through information collection, password extraction, custom shell program generation, custom payload generation, anti-virus solutions, hidden codes, various keyloggers, etc., the toolkit can be used in the infrastructure Conduct a full-scale attack within and use this information to attack again. Some of these tools were released to the world by the CQURE team for the first time.
006 Sampler
Tools for shell command execution, visualization and alerting (using simple YAML file configuration).
Project address: https:// github.com/sqshq/sample r
Official website: https:// sampler.dev/
Purpose: You can directly sample any dynamic process from the terminal, observe changes in the database, monitor MQ real-time messages, trigger deployment scripts and get notifications when completed.
If you can use Shell commands, you can use Sampler to temporarily visualize them.
007 LOIC 1.0.8
Network stress tester.
Address: https:// sourceforge.net/project s/loic/
LOIC sends TCP or UDP packets to the server to disrupt the service of a specific host and execute a denial of service (DoS) attack (or a DDoS attack used by multiple people) on the target site. Many people voluntarily use LOIC to join the botnet.
This software inspired the creation of a standalone JavaScript version called JS LOIC and a LOIC-based web version Low Lowbit Web Cannon, which can enable DoS from a web browser for stress testing.
008 EasySploit
Metasploit automation (faster than ever).
Project address: https:// github.com/KALILINUXTRI CKSYT/easysploit
Options
- Windows
- Android
- Linux
- MacOS
- Web
- Whether the scan target is vulnerable to ms17_010
- Use Windows 7/2008 x64 to enable remote desktop (ms17_010_eternalblue) only through IP (ms17_010_eternalblue)
- Use Windows Vista / XP / 2000/2003 to enable remote desktop (ms17_010_psexec) only through IP (ms17_010_psexec)
- Use the link to use Windows (HTA server)
- contact
009 SQLMap
Automatic SQL injection and database takeover tool.
Project address: https:// github.com/sqlmapprojec t/sqlmap
I won't introduce this too much, old acquaintance.
010 ScanQLi
ScanQLi is a simple SQL injection scanner with some additional features. The tool cannot take advantage of SQLi, it can only detect them.
Project address: https:// github.com/bambish/Scan QLi
011 OKadminFinder
In short, the background scanner.
Project address: https:// github.com/mIcHyAmRaNe/ okadminfinder3
Advantage
- Rich dictionary
- proxy
- Self-renew
012 Shellphish
18 kinds of social media phishing tools (Instagram, Facebook, Snapchat, Github, Twitter, Yahoo, Protonmail, Spotify, Netflix, Linkedin, Wordpress, Origin, Steam, Microsoft, InstaFollowers, Gitlab, Pinterest)
Project address: https:// github.com/thelinuxchoi ce/shellphish
As the name suggests, click to end.
013 DNS Shell
Interactive Shell on DNS channel
What is DNS Shell
The payload is generated when the server script is called. It only uses nslookup to execute queries and query the server for new commands. Then the server listens to incoming communications on port 53. Once the payload is executed on the target computer, the server An interactive shell will be generated.
After the channel is established, if a new command is entered, the payload will continuously query the server for the command, and it will execute the command and return the result to the server.
014 QRLJacker v2.0
A new social engineering attack surface.
Project address: https:// github.com/OWASP/QRLJac king
QRLJacking attack process
- The attacker initiates the client QR session and then clones the login QR code into the phishing website: "Now, the carefully crafted phishing page has a valid and regularly updated QR code that can be sent to the victim."
- The attacker sends the phishing page to the victim.
- The victim scans the QR code using a specific target mobile application.
- The attacker gains control of the victim's account.
- The service is exchanging all victim's data with the attacker's session.
QR code is a type of two-dimensional barcode.
015 PhoneSploit
Utilize Andriod devices by using the open Adb port.
Project address: https:// github.com/metachar/Pho neSploit
Features
- Port forwarding
- Grab wpa_supplicant
- Turn on/off WiFi
- Delete password
- Extract the apk from the application
- Get battery status
- Get current activity, etc.
016 SocialBox
Bruteforce attack framework coded by Belahsan Ouerghi (Facebook, Gmail, Instagram, Twitter)
Project address: https:// github.com/Cyb0r9/Socia lBox
017 Instainsane
Instainsane is a shell script that can perform a multi-threaded brute force attack on Instagram. The script can bypass login restrictions and can test an unlimited number of passwords at a rate of about 1000 passwords/minute with 100 attempts at a time.
Project address: https:// github.com/thelinuxchoi ce/instainsane
Advantage
- Multithreading (100 attempts at a time)
- Save/restore session
- Anonymous via TOR
- Check valid username
- Enrich password dictionary
- Check and install all dependencies
018 Tool-X
Tool-X is a kali linux hacker tool installer. Tool-X developed for termux and other Android terminals. Using Tool-X, you can install nearly 370 hacking tools in termux applications and other Linux-based distributions.
Project address: https:// github.com/Rajkumrdusad /Tool-X
019 Hacktronian
An all-in-one hacking tool for Linux and Android.
Official website: https:// thehackingsage.github.io /hacktronian/
Project address: https:// github.com/thehackingsa ge/hacktronian
Features
- collect message
- Password blasting
- Wireless test
- development tools
- Sniffing and deceiving
- Cyber hacking tools
- Private network hacking tool
- Post Exploitation
020 Ultimate Facebook Scraper
The bot can crawl almost all content of Facebook user profile, including all public posts/status available on the user’s timeline, uploaded photos, tagged photos, videos, friend lists and their profile photos (including followers, Followers, work friends, college friends, etc.).
Project address: https:// github.com/harismuneer/ Ultimate-Facebook-Scraper
feature
Fetch almost all content of Facebook user profile:
- Uploaded photos
- Tagged photos
- film
- Friends list and their profile photos (including followers, followers, etc.)
- And all public posts/status available on the user’s timeline.
The above are the 20 most popular hacking tools in 2021, don’t miss it when you pass by