With the spread of Internet and increasing dependence of businesses on Internet, security of information being displayed , transferred or stored online is becoming a big concern for everyone. Businesses, financial institutions as well as common people are falling prey to various online threats and are becoming victims of cyber crime. Money as well as identities are being stolen by hackers on daily basis , here are some stunning facts
- Identity Theft Resource Center® (ITRC) with sponsor CyberScout released the 2017 Annual Data Breach Year-End Review stating 2017 hit a new all-time high of 1,579, up 44.7 percent over last year’s record total of 1,091 breaches.
- According to Panda Security in 2015 every day 230,000 new malware samples are produced and trends are increasing only.
- Symantec 978 million people in 20 countries were affected by cybercrime in 2017 and victims lost $172 billion collectively which is $142 per victim.
The following graph from ITRC indicates the grim situation of category of attacks :
The latest report from World Economic Forum states Cyber attacks as the 3rd most likely event .
Considering all these facts and figures, Cyber security is being considered as the top most concern by all government and private institutions. Because of the rising threats , Cyber security professionals are in great demand. With this article I am publishing the top most tools which can help you to learn security and pentesting – a skill owned by every Cyber Security professional.
Tools of the Trade :
#1. Kali Linux:-
Kali linux is one of the best OS utilized by Cybersecurity professionals as it contains number of security exploits and pen testing tools. Latest version of Kali offers more than 600 preinstalled pen testing tools. One can use Kali as a live DVD/USB – which means you can directly run it from a bootable DVD or pen-drive.
#2. Parrot Security OS:-
Parrot is Debian based operating system developed by the team of Frozenbox. It is the best competitor of Kali in terms of tools and ease. Parrot Security OS is a GNU/LINUX distribution based on Debian. It has tools for vulnerability scanning, penetration tests, Computer Forensics and Anonymous Surfing. It has been developed by Frozenbox’s Team. It can be run as live OS just like Kali.
#3. Backbox OS:-
Backbox OS another Linus based free open source security OS built with purpose to provide pentesting tools for Cybersecurity professionals. BackBox is an Ubuntu-based operating system with its focus on security assessment and penetration testing. BackBox comes with a wide range of security analysis tools that help you in web application analysis, network analysis etc.
DEFT stands for Digital Evidence and Forensic Toolkit based on Ubuntu. It’s an open source distribution of Linux built around the DART (Digital Advanced Response Toolkit) software. Deft is Ubuntu customization with a collection of computer forensic programs. DEFT is highly versatile as a forensic tool and is regularly used by big organizations and government agencies such as police and military for performing forensic analysis besides being used a pentest tool.
#5. BlackArc Linux:-
BlackArch Linux is another pentesting Linux distribution used by security researchers and ethical hackers. It’s derived from Arch Linux and contains more than 1000 tools for penetration testing, forensic analysis, vulnerability scans, exploitation etc.
Bugtraq -2 Blackwidow is a Open-Source Linux Distribution based in Ubuntu and Debian with PAE kernel 3.2 and 3.4 , offers the most comprehensive distribution, is optimal, and stable with automated services manager in real time. Bugtraq has more than 500 grouped under different branches, you will find mobile forensic tools, malware testing laboratories, tools of the Bugtraq-Community, audit tools for GSM, wireless, bluetooth and RFID, integrated Windows tools, tools focused on ipv6, and typical pentesting and forensics tools. Bugtraq is available with XFCE, Gnome and KDE based on Ubuntu, Debian and OpenSuse and is available in 11 different languages.
#7 Offensive Web Testing Framework
OWASP OWTF is a project that aims to make security assessments as efficient as possible by automating the manual, uncreative part of pen testing. It provides out-of-box support for the OWASP Testing Guide, the NIST and the PTES standards.
OWTF provides a Dockerfile to run on any platform Docker supports!
The Offensive (Web) Testing Framework is an OWASP+PTES-focused try to unite great tools and make pen testing more efficient.
If you are looking forward a career in Cyber Security, hands on experience with above tools will definitely help you. Personally I like the Bugtraq and Parrot OS. I am looking forward to the OWASP OWTF which is going to offer some tools via browser and option to create docker instance.