If you're a penetration tester, there are numerous tools you can use to help you accomplish your goals.


From scanning to post-exploitation, here are ten tools you must know if you are into cybersecurity.


What is Cybersecurity?

Being a cybersecurity engineer means being responsible for an entire network. This network includes computers, routers, mobile phones, and everything that connects to the internet.


Thanks to the rise of the Internet of Things, we see more and more devices connecting to the internet every day. Services like Shodan, which index internet-facing devices and their banners, are proof of how dangerous it is to expose a device to the internet without adequate security.


We cannot rely on antivirus software alone either, given how sophisticated today's attackers are. Besides, most attacks nowadays use social engineering as their entry point, which makes them even harder for cybersecurity professionals to detect and mitigate.


Covid-19 has become another major catalyst for the growth in cyber-attacks. Employees working from home do not have the same enterprise-level security architecture around them that they have in the office.


The growing number of cyber-attacks has also increased the demand for cybersecurity professionals around the world. Due to this increasing demand, cybersecurity has been attracting a lot of experts as well as beginners.


For those of you who are new to Cybersecurity, hacking is not as cool as it looks on TV. And there is a high probability that you will end up in jail.


However, being a penetration tester or a white hat hacker is different, and beneficial, since you will be playing with the same tools black hat hackers (the bad ones) play with. Except this time it's legal, and your goal is to help companies discover security vulnerabilities so they can fix them.


You can learn more about the types of hackers here.


It is always hard to find the right tools to get started in any domain, especially if you are a beginner. So here are 10 tools to help you get started as a cybersecurity engineer.


Top Tools for Beginner Cybersecurity Engineers

Wireshark

Having a solid foundation in Networking is essential to becoming a good penetration tester. After all, the internet is a bunch of complex networks that communicate with each other. If you are new to Networking, I recommend this playlist by Network Direction.


Wireshark is the most widely used network protocol analyzer. It is open-source software that lets you capture and inspect traffic on a live network in real time, or analyze capture files saved earlier.


Wireshark dissects each captured frame layer by layer (Ethernet frame, IP packet, TCP segment, application data) and shows you the meaning of every field, down to the individual bits and bytes.


Wireshark supports all major network protocols and media types. It can also be used as a packet sniffer on a shared or public network, but it only sees what reaches your own interface: on a switched network that is your own traffic plus broadcasts, unless you capture from a mirror (SPAN) port, a network tap, or a wireless adapter in monitor mode.


Sites like Facebook and Twitter use HTTPS now. This means that even if you capture packets from a victim computer in transit to Facebook, the application data in those packets will be encrypted. What is still visible in the clear is the metadata: source and destination addresses and ports, and usually the server name sent in the TLS ClientHello (SNI).


Still, being able to capture and dissect packets in real time is an essential skill for a penetration tester.
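To make the last two points concrete, here is an added example (not part of the original article, and not Wireshark code) that does by hand what Wireshark's dissectors do: it peels an Ethernet/IPv4/TCP frame layer by layer and then walks a TLS ClientHello to pull out the SNI. The frame, MAC addresses, IPs and the ClientHello bytes are all constructed in the block itself, with checksums left at zero; nothing is captured from a real network.

```python
import socket
import struct

def build_client_hello(server_name: bytes) -> bytes:
    """Constructed TLS ClientHello carrying only an SNI extension (example data, not a real capture)."""
    sni_entry = b"\x00" + struct.pack("!H", len(server_name)) + server_name   # name_type 0 = host_name
    sni_ext = struct.pack("!H", len(sni_entry)) + sni_entry
    extensions = struct.pack("!HH", 0x0000, len(sni_ext)) + sni_ext          # extension type 0 = server_name
    body = (b"\x03\x03" + b"\x11" * 32 + b"\x00"            # version, 32-byte random, empty session id
            + struct.pack("!H", 2) + b"\x13\x01"            # one cipher suite
            + b"\x01\x00"                                   # one compression method: null
            + struct.pack("!H", len(extensions)) + extensions)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # handshake type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake   # record type 0x16 = handshake

def build_frame(tcp_payload: bytes) -> bytes:
    """Constructed Ethernet/IPv4/TCP frame around the payload (IP and TCP checksums left at zero)."""
    tcp = struct.pack("!HHIIHHHH", 51234, 443, 1000, 2000, (5 << 12) | 0x018, 65535, 0, 0) + tcp_payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234, 0x4000, 64, 6, 0,
                     socket.inet_aton("192.168.1.10"), socket.inet_aton("203.0.113.5")) + tcp
    return bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + struct.pack("!H", 0x0800) + ip

def tls_server_name(payload: bytes):
    """Walk a ClientHello record and return the SNI host name, or None if there is none."""
    if len(payload) < 9 or payload[0] != 0x16 or payload[5] != 0x01:
        return None
    pos = 9 + 2 + 32                                   # record + handshake headers, version, random
    pos += 1 + payload[pos]                            # session id
    (cs_len,) = struct.unpack_from("!H", payload, pos)
    pos += 2 + cs_len                                  # cipher suites
    pos += 1 + payload[pos]                            # compression methods
    (ext_len,) = struct.unpack_from("!H", payload, pos)
    pos += 2
    end = pos + ext_len
    while pos + 4 <= end:
        ext_type, length = struct.unpack_from("!HH", payload, pos)
        pos += 4
        if ext_type == 0:                              # server_name: list len (2), name type (1), name len (2), name
            (name_len,) = struct.unpack_from("!H", payload, pos + 3)
            return payload[pos + 5:pos + 5 + name_len].decode("ascii", "replace")
        pos += length
    return None

def dissect(frame: bytes) -> dict:
    """Peel the layers the way Wireshark's dissectors do: Ethernet -> IPv4 -> TCP -> TLS."""
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError("not an IPv4 frame")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    (total_len,) = struct.unpack_from("!H", ip, 2)
    src_ip, dst_ip = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
    tcp = ip[ihl:total_len]
    sport, dport, seq, ack, off_flags = struct.unpack_from("!HHIIH", tcp, 0)
    payload = tcp[(off_flags >> 12) * 4:]
    return {
        "src_mac": src_mac.hex(":"), "dst_mac": dst_mac.hex(":"),
        "src_ip": src_ip, "dst_ip": dst_ip, "proto": ip[9],
        "src_port": sport, "dst_port": dport, "flags": off_flags & 0x1FF,
        "payload_len": len(payload), "sni": tls_server_name(payload),
    }

if __name__ == "__main__":
    for key, value in dissect(build_frame(build_client_hello(b"www.example.com"))).items():
        print(f"{key:>12}: {value}")
```

Run it and you get exactly the picture described above: addresses, ports and the TLS server name are readable, while everything after the handshake would only be opaque ciphertext. Wireshark's own dissectors do the same walk for hundreds of protocols, which is why the "Server Name" field shows up in its TLS tree even for encrypted sessions.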


Nmap

Nmap is the first tool you will come across when you begin your career as a penetration tester. It is a fantastic network scanning tool that can give you detailed information about a target, including open ports, the services behind them, and the operating system running on the target host.


Nmap is popular among penetration testers for many reasons. It is simple, flexible, and extensible. It offers a simple command-line interface where you can add a few flags to choose different types of scans.


Nmap covers everything from simple ping scans for host discovery up to aggressive scans that return detailed port, service and operating system information.


Nmap also provides a GUI tool called Zenmap with added utilities. You can build visual network maps and choose scans via dropdowns. Zenmap is a great place to start playing with Nmap commands if you are a beginner.


I recently wrote a detailed article on Nmap that you can read here.

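The core of what Nmap reports (open, closed or filtered, plus a service guess) comes from how the target answers a connection attempt. The following added example, which is not Nmap code and is not from the original article, performs a TCP connect scan (the equivalent of `nmap -sT`) against a small fake SSH service that the block itself starts on loopback, and grabs the banner the way `-sV` would. The banner string, the service table and the port range are constructed for the example.

```python
import socket
import threading
from concurrent.futures import ThreadPoolExecutor

def start_fake_service(banner: bytes):
    """Constructed target: listen on a random loopback port and greet each client with `banner`."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(16)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:            # listening socket was closed: stop serving
                return
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return srv, port

def probe(host, port, timeout=0.5):
    """One port, TCP connect scan (what `nmap -sT` does), plus a banner read for service hints."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                banner = s.recv(256)
            except socket.timeout:
                banner = b""
            return port, "open", banner.decode("ascii", "replace").strip()
    except ConnectionRefusedError:
        return port, "closed", ""          # RST came back: nothing is listening
    except (socket.timeout, OSError):
        return port, "filtered", ""        # no answer at all: dropped by a firewall, or host down

def scan(host, ports, workers=32):
    """Scan ports concurrently and return {port: (state, banner)}, like nmap's per-port table."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda p: probe(host, p), ports))
    return {port: (state, banner) for port, state, banner in results}

def guess_service(banner):
    """Crude version of `nmap -sV`: map the first bytes of a banner to a service name."""
    for needle, name in (("SSH-", "ssh"), ("220 ", "ftp/smtp"), ("HTTP/", "http"), ("+OK", "pop3")):
        if banner.startswith(needle):
            return name
    return "unknown"

def demo():
    """Start the fake service, scan a small window of ports around it, and return the results."""
    srv, port = start_fake_service(b"SSH-2.0-OpenSSH_8.9\r\n")
    try:
        results = scan("127.0.0.1", range(port - 2, port + 3))
    finally:
        srv.close()
    return port, results

if __name__ == "__main__":
    port, results = demo()
    for p, (state, banner) in sorted(results.items()):
        print(f"{p}/tcp  {state:<8} {guess_service(banner):<8} {banner}")
```

The three outcomes in `probe` are the same three states Nmap prints: a completed handshake means open, an immediate RST means closed, and silence means something in between is dropping the packets. A full connect like this is noisy because it completes the handshake; Nmap's default SYN scan (`-sS`) stops after the SYN/ACK, which needs raw sockets and root.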

Ncat (Netcat's successor)

Netcat is often called the Swiss army knife of networking.


Netcat is a simple but powerful tool that can read and write data over TCP or UDP connections. It can act either as a client or as a listener, which makes it useful for port scanning, port listening and banner grabbing.


You can also transfer files through Netcat or use it as a backdoor on a compromised machine (a bind or reverse shell). This makes it a popular post-exploitation tool for establishing connections after a successful attack. Netcat is also easy to drive from scripts for larger or repetitive tasks.


Despite its popularity, the original Netcat was not actively maintained. The Nmap project wrote a modern reimplementation called Ncat, with features including SSL, IPv6, SOCKS and HTTP proxy support.

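The file transfer described above is just "one side listens, the other side connects and streams bytes until it closes". The added example below (not from the original article, and not Ncat's code) reproduces that exchange with raw sockets on loopback: `listen_once` plays the role of `ncat -l <port> > received.bin`, `send_bytes` plays `ncat <host> <port> < file`, and the transfer is verified by comparing SHA-256 digests, which is what you would do with `sha256sum` on both ends. The port is chosen by the OS and the payload is constructed in the block.

```python
import hashlib
import socket
import threading

def listen_once(bind="127.0.0.1"):
    """`ncat -l <port> > received.bin`: accept one client, read until it half-closes, keep the bytes."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((bind, 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    result = {}

    def serve():
        conn, _ = srv.accept()
        chunks = []
        with conn:
            while True:
                chunk = conn.recv(65536)
                if not chunk:                  # peer sent FIN: end of transfer
                    break
                chunks.append(chunk)
        srv.close()
        result["data"] = b"".join(chunks)

    worker = threading.Thread(target=serve, daemon=True)
    worker.start()
    return port, worker, result

def send_bytes(host, port, data):
    """`ncat <host> <port> < file`: stream the bytes, then half-close so the listener sees EOF."""
    with socket.create_connection((host, port), timeout=5) as s:
        s.sendall(data)
        s.shutdown(socket.SHUT_WR)

def transfer(data):
    """Push `data` through a loopback netcat pair; return (sent digest, received digest, bytes received)."""
    port, worker, result = listen_once()
    send_bytes("127.0.0.1", port, data)
    worker.join(10)
    received = result.get("data", b"")
    return hashlib.sha256(data).hexdigest(), hashlib.sha256(received).hexdigest(), len(received)

if __name__ == "__main__":
    sent, got, size = transfer(bytes(range(256)) * 40)   # constructed 10 KiB payload
    print(f"received {size} bytes, digests match: {sent == got}")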

Metasploit

If there is one tool I love, it's Metasploit. Metasploit is not just a tool but a complete framework that you can use during the entire penetration testing lifecycle.


Metasploit contains exploit modules for thousands of publicly known vulnerabilities, cross-referenced to the Common Vulnerabilities and Exposures (CVE) database. Using Metasploit, you can deliver a payload to a target system and, if the exploit succeeds, interact with it through a command-line session such as Meterpreter.


Metasploit is very advanced with the ability to do tasks such as port scanning, enumeration, and scripting in addition to exploitation. You can also build and test your own exploit using the Ruby programming language.


Metasploit began as a community open-source project and was later acquired by Rapid7. The Metasploit Framework itself is still free and open source, and you can use all of its features without a commercial license.


Metasploit used to be a purely command-line tool. A Java-based GUI called Armitage was released later.


Nikto

Nikto is an open-source tool that is capable of performing extensive web server scans. Nikto can help you scan for harmful files, misconfigurations, outdated software installations, and so on.


It also checks for the presence of multiple index files, HTTP server configurations, and the installed web server software.


Nikto is a popular choice for general web server security audits. It is fast, but not quiet: you can scan a large web server quickly, but intrusion detection systems will easily pick up these scans. It does ship with IDS evasion options (via LibWhisker) if you want to attempt stealthier scans.

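Most of what Nikto reports comes from plain HTTP requests and a look at the answers: which software version the Server header leaks, which hardening headers are missing, and which of a long list of sensitive paths answer 200. The added example below (not Nikto's code, and not from the original article) runs a handful of such checks against a deliberately sloppy web server that the block starts on loopback. The server, its paths, the version string and the path list are all constructed for the example; Nikto's real database has thousands of entries.

```python
import http.client
import re
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed target: a deliberately sloppy web server standing in for a host under test.
SITE = {
    "/": (200, b"<html><body>Welcome</body></html>"),
    "/index.php": (200, b"<?php phpinfo(); ?>"),
    "/backup/": (200, b"<html><title>Index of /backup</title><a href='db.sql'>db.sql</a></html>"),
    "/.git/HEAD": (200, b"ref: refs/heads/main\n"),
}

class SloppyServer(BaseHTTPRequestHandler):
    def version_string(self):
        return "Apache/2.2.15 (CentOS)"      # exact version leaked in every Server header

    def do_GET(self):
        status, body = SITE.get(self.path, (404, b"Not Found"))
        self.send_response(status)
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):
        pass

SECURITY_HEADERS = ("X-Frame-Options", "Content-Security-Policy",
                    "Strict-Transport-Security", "X-Content-Type-Options")
# A few of the paths a Nikto-style scan tries (constructed subset).
INTERESTING_PATHS = ("/index.php", "/index.bak", "/backup/", "/.git/HEAD", "/phpinfo.php", "/admin/")

def fetch(host, port, path):
    conn = http.client.HTTPConnection(host, port, timeout=5)
    conn.request("GET", path, headers={"User-Agent": "mini-nikto (added example)"})
    resp = conn.getresponse()
    body = resp.read()
    headers = {k.lower(): v for k, v in resp.getheaders()}
    conn.close()
    return resp.status, headers, body

def audit(host, port):
    """Return a list of findings in the spirit of Nikto's output."""
    findings = []
    _, headers, _ = fetch(host, port, "/")
    server = headers.get("server", "")
    if re.search(r"/\d+\.\d+", server):
        findings.append(f"server header discloses software version: {server}")
    for name in SECURITY_HEADERS:
        if name.lower() not in headers:
            findings.append(f"missing header: {name}")
    for path in INTERESTING_PATHS:
        status, _, body = fetch(host, port, path)
        if status == 200:
            kind = "directory listing" if b"Index of" in body else "accessible"
            findings.append(f"{path}: {kind} (HTTP {status})")
    return findings

def run_example():
    srv = HTTPServer(("127.0.0.1", 0), SloppyServer)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    try:
        return audit("127.0.0.1", srv.server_port)
    finally:
        srv.shutdown()
        srv.server_close()

if __name__ == "__main__":
    for finding in run_example():
        print("+", finding)
```

This is also why Nikto is loud: every path in the list is a separate request with a recognizable User-Agent, and a 404 storm from one client in a few seconds is an easy IDS signature.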

Burp Suite

When it comes to pen-testing web applications, Burp Suite has the answers for you. Burp Suite aims to be an all-in-one set of tools for a variety of web application pen-testing use cases. It is also a popular tool among professional web app security researchers and bug bounty hunters.


Burp Suite's tools work together to support the entire web application testing lifecycle. From scanning to exploitation, Burp Suite offers all the tools you need for breaking into web applications.


One of Burp Suite's main features is its ability to intercept HTTP requests. Normally a request goes from your browser straight to the web server and the response comes straight back. With Burp Suite configured as your browser's proxy, every request and response passes through Burp first, so you can pause, inspect and modify them in transit: a man-in-the-middle position over your own traffic.


Burp Suite has an excellent user interface. It also has tools for automation (Intruder, Repeater and the scanner) to make your work faster and more efficient.


In addition to its default features, Burp Suite is extensible through plugins called BApps, which you can install from the BApp Store or write yourself.
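To show what "intercept and modify in transit" means mechanically, here is an added example (not Burp's code, and not from the original article) of a minimal intercepting forward proxy. The block starts a constructed backend application that simply reports what it received, then a proxy that rewrites a `role=user` query parameter to `role=admin` on the way in and stamps a header on the way out, exactly the kind of edit you would make by hand in Burp's Proxy tab. The "browser" is an `http.client` connection that asks the proxy for the backend's absolute URL. All hosts, ports, parameter names and header names are constructed for the example.

```python
import http.client
import json
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qsl, urlencode, urlsplit

class Backend(BaseHTTPRequestHandler):
    """Constructed target application: echoes what it received, so tampering is visible."""
    def do_GET(self):
        url = urlsplit(self.path)
        seen = {"path": url.path, "query": dict(parse_qsl(url.query)),
                "intercepted": self.headers.get("X-Intercepted-By", "")}
        body = json.dumps(seen).encode()
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):
        pass

class InterceptingProxy(BaseHTTPRequestHandler):
    """Forward proxy between browser and server that edits traffic in both directions."""
    def do_GET(self):
        self.forward(None)

    def do_POST(self):
        self.forward(self.rfile.read(int(self.headers.get("Content-Length", 0))))

    def tamper_request(self, query):
        # Intercept point 1: rewrite the request before the server sees it (a privilege-escalation test).
        if query.get("role") == "user":
            query["role"] = "admin"
        return query

    def forward(self, body):
        url = urlsplit(self.path)
        if not url.hostname:
            self.send_error(400, "proxy expects absolute-form request URLs")
            return
        query = self.tamper_request(dict(parse_qsl(url.query)))
        path = (url.path or "/") + ("?" + urlencode(query) if query else "")
        headers = {k: v for k, v in self.headers.items()
                   if k.lower() not in ("host", "connection", "proxy-connection")}
        headers["Host"] = f"{url.hostname}:{url.port or 80}"
        headers["X-Intercepted-By"] = "example-proxy"
        upstream = http.client.HTTPConnection(url.hostname, url.port or 80, timeout=5)
        upstream.request(self.command, path, body=body, headers=headers)
        resp = upstream.getresponse()
        data = resp.read()
        upstream.close()
        # Intercept point 2: edit the response before the browser sees it.
        self.send_response(resp.status)
        for k, v in resp.getheaders():
            if k.lower() not in ("content-length", "transfer-encoding", "connection", "server", "date"):
                self.send_header(k, v)
        self.send_header("Content-Length", str(len(data)))
        self.send_header("X-Proxy-Note", "response passed through intercepting proxy")
        self.end_headers()
        self.wfile.write(data)

    def log_message(self, *args):
        pass

def start(handler):
    srv = HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv

def run_example():
    """Browser -> proxy -> backend round trip; returns what the backend saw and the proxy's response note."""
    backend, proxy = start(Backend), start(InterceptingProxy)
    try:
        conn = http.client.HTTPConnection("127.0.0.1", proxy.server_port, timeout=5)
        conn.request("GET", f"http://127.0.0.1:{backend.server_port}/account?role=user")
        resp = conn.getresponse()
        seen, note = json.loads(resp.read()), resp.getheader("X-Proxy-Note")
        conn.close()
    finally:
        for srv in (proxy, backend):
            srv.shutdown()
            srv.server_close()
    return seen, note

if __name__ == "__main__":
    print(run_example())
```

Burp does the same for HTTPS by terminating TLS with its own CA certificate (which you install in the browser) and re-encrypting towards the server; that is the only reason it can read and edit encrypted traffic, and it only works because you control the client.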


John the Ripper

Passwords are still the de facto standard of authentication in most systems. Even after you get into a server or a database, you will usually find only password hashes, and you will have to crack them before you can reuse those credentials to escalate privileges.


John the Ripper is a simple tool for cracking passwords. It is a very fast password cracker with support for custom wordlists and mangling rules, and it handles most common hash formats, including MD5, the SHA family and salted crypt(3) variants. Note that hashing is one-way: John does not decrypt anything, it guesses candidate passwords, hashes them and compares the result.


Aircrack-ng

Aircrack-ng is a suite of tools for working with wireless networks. It includes tools that capture wireless traffic, crack WEP and WPA/WPA2-PSK keys, inject packets, and so on.


A few tools in the Aircrack-ng suite include:

airodump-ng: captures packets
aireplay-ng: packet injection
aircrack-ng: cracks WEP and WPA keys
airdecap-ng: decrypts WEP and WPA captures

Aircrack-ng implements well-known attacks against Wi-Fi encryption: WEP keys are recovered statistically once enough packets with distinct IVs have been captured, and WPA/WPA2 pre-shared keys are recovered by running a dictionary attack against a captured four-way handshake. It can also decrypt captured traffic once the key is known, making it a complete suite for wireless penetration testing.


In short, you can use Aircrack for monitoring, attacking, and debugging all types of wireless networks.
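Both John the Ripper (above) and aircrack-ng's WPA mode do the same thing at heart: take a candidate from a wordlist, run it through the target's hash or key derivation, and compare against what was captured. The added example below (not from the original article, and not the code of either tool) shows both ends of that spectrum in one place: a fast unsalted MD5 and a salted SHA-256 on the John side, and on the Aircrack side the actual WPA2-PSK chain, passphrase to PMK (PBKDF2-HMAC-SHA1, 4096 rounds) to PTK/KCK to the EAPOL MIC, checked against a constructed message 2 of the four-way handshake. The wordlist, SSID, MACs, nonces and the handshake frame are all constructed; the MD5 target is the digest of the string "password" as it would appear in a dump.

```python
import hashlib
import hmac
import struct

# Constructed wordlist; real engagements use rockyou.txt or a custom list plus mangling rules.
WORDLIST = ["letmein", "password", "sunshine", "correcthorse", "Tr0ub4dor&3", "dragon2020"]

# ---------- fast hashes: what John the Ripper spends most of its time on ----------
def md5_hex(word):
    return hashlib.md5(word.encode()).hexdigest()

def salted_sha256(salt):
    """Return a hash function bound to one salt: the same wordlist must be re-hashed for every user."""
    return lambda word: hashlib.sha256(salt + word.encode()).hexdigest()

def crack_hash(target_hex, hash_fn, wordlist):
    """Hashing is one-way, so cracking means guessing candidates and comparing digests."""
    for word in wordlist:
        if hmac.compare_digest(hash_fn(word), target_hex):
            return word
    return None

# ---------- WPA2-PSK: what aircrack-ng does with a captured four-way handshake ----------
def pmk_from_passphrase(passphrase, ssid):
    # 802.11i: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes). This is the slow step.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def prf512(key, label, data):
    out = b"".join(hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest() for i in range(4))
    return out[:64]

def derive_kck(pmk, ap_mac, sta_mac, anonce, snonce):
    """PTK = PRF-512(PMK, "Pairwise key expansion", min/max of the MACs and nonces); KCK = first 16 bytes."""
    data = min(ap_mac, sta_mac) + max(ap_mac, sta_mac) + min(anonce, snonce) + max(anonce, snonce)
    return prf512(pmk, b"Pairwise key expansion", data)[:16]

MIC_OFFSET = 81   # EAPOL header (4) plus EAPOL-Key fields preceding the 16-byte MIC

def eapol_mic(kck, eapol_frame):
    """WPA2/CCMP (key descriptor version 2): MIC = HMAC-SHA1(KCK, frame with the MIC field zeroed)[:16]."""
    zeroed = eapol_frame[:MIC_OFFSET] + b"\x00" * 16 + eapol_frame[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]

def crack_wpa2(handshake, wordlist):
    captured_mic = handshake["eapol"][MIC_OFFSET:MIC_OFFSET + 16]
    for word in wordlist:
        kck = derive_kck(pmk_from_passphrase(word, handshake["ssid"]), handshake["ap_mac"],
                         handshake["sta_mac"], handshake["anonce"], handshake["snonce"])
        if hmac.compare_digest(eapol_mic(kck, handshake["eapol"]), captured_mic):
            return word
    return None

def make_handshake(passphrase, ssid):
    """Constructed stand-in for a capture: message 2 of the four-way handshake with a valid MIC."""
    ap_mac, sta_mac = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    anonce, snonce = b"\xaa" * 32, b"\xbb" * 32
    body = (b"\x02" + b"\x01\x0a" + b"\x00\x10" + b"\x00" * 8 + snonce   # RSN descriptor, key info, key len, replay counter, SNonce
            + b"\x00" * 32 + b"\x00" * 16 + b"\x00\x00")                 # IV+RSC+ID, MIC placeholder, key data length 0
    eapol = b"\x01\x03" + struct.pack("!H", len(body)) + body
    kck = derive_kck(pmk_from_passphrase(passphrase, ssid), ap_mac, sta_mac, anonce, snonce)
    eapol = eapol[:MIC_OFFSET] + eapol_mic(kck, eapol) + eapol[MIC_OFFSET + 16:]
    return {"ssid": ssid, "ap_mac": ap_mac, "sta_mac": sta_mac, "anonce": anonce, "snonce": snonce, "eapol": eapol}

def run_example():
    captured_md5 = "5f4dcc3b5aa765d61d8327deb882cf99"           # md5("password"), as found in a dump
    salt = b"s4lt"
    salted_target = salted_sha256(salt)("letmein")             # constructed; would come from a database dump
    return {
        "md5": crack_hash(captured_md5, md5_hex, WORDLIST),
        "salted_sha256": crack_hash(salted_target, salted_sha256(salt), WORDLIST),
        "wpa2": crack_wpa2(make_handshake("sunshine", "ExampleNet"), WORDLIST),
        "not_in_list": crack_hash(md5_hex("hunter2"), md5_hex, WORDLIST),
    }

if __name__ == "__main__":
    print(run_example())
```

The asymmetry is the whole point of the design on both sides: an unsalted MD5 costs one hash per guess and can be precomputed in a rainbow table, a salt forces per-user work, and WPA2's 4096 PBKDF2 rounds bound to the SSID make every guess thousands of times more expensive, which is why a strong passphrase on an unusual SSID survives the same wordlist that cracks "password" instantly.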


Nessus

Nessus is a popular enterprise vulnerability scanner, built as a complete vulnerability analysis and reporting tool. Where Nmap finds ports and services, Nessus matches what it finds against a database of known vulnerabilities and reports each finding with its severity, references such as CVE IDs, and remediation advice.


Nessus has an excellent user interface, tens of thousands of plugins, and its own scripting language (NASL) for writing checks. It is often favored by enterprises since it helps with compliance audits such as PCI DSS and HIPAA. Nessus rates the severity of each vulnerability so that you can prioritize remediation accordingly.


Nessus is commercial software, though a limited free edition for home use is available. An open-source alternative, OpenVAS (maintained by Greenbone), offers similar features.


Snort

Snort is an open-source software for detecting and preventing intrusions in a network. It can perform live traffic analysis and log incoming packets to detect port scans, worms, and other suspicious behavior.


Unlike most of the other tools in this list, Snort is a defensive tool. It still helps you understand an attacker's methods by logging their activity. You can also pair it with a DNS sinkhole to redirect attacker traffic while you work out the attack vectors from Snort's alerts.


Snort also has a web-based front-end called BASE (Basic Analysis and Security Engine), a third-party project that lets you query and analyze the alerts Snort generates.

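Snort's detection is rule-driven: each rule has a header (action, protocol, source and destination addresses and ports) and options such as `content` and `msg`, and separate logic spots behaviour like port scans that no single packet reveals. The added example below (not Snort's code, and not from the original article) parses a small subset of Snort's rule syntax, runs three constructed rules over a constructed traffic sample, and adds a simple threshold-based port scan detector of the kind Snort's preprocessors provide. `$HOME_NET`, the rules, addresses and packets are all assumptions made up for the example.

```python
import ipaddress
import re
from collections import defaultdict

HOME_NET = ipaddress.ip_network("192.168.1.0/24")   # assumed internal range for this example

# Constructed rules in a subset of Snort syntax: header, then options in parentheses.
RULES = [
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"SSH client banner from outside"; content:"SSH-"; sid:1000001;)',
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"Possible command injection"; content:"/bin/sh"; sid:1000002;)',
    'alert udp any any -> any 53 (msg:"DNS lookup of known C2 domain"; content:"evil-c2"; sid:1000003;)',
]

RULE_RE = re.compile(r"^(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s+->\s+(\S+)\s+(\S+)\s+\((.*)\)\s*$")
OPT_RE = re.compile(r'(\w+):\s*(?:"([^"]*)"|([^;]*));')

def parse_rule(text):
    m = RULE_RE.match(text)
    if not m:
        raise ValueError(f"unsupported rule syntax: {text}")
    action, proto, src, sport, dst, dport, opts = m.groups()
    options = {k: (quoted if quoted else raw.strip()) for k, quoted, raw in OPT_RE.findall(opts)}
    return {"action": action, "proto": proto, "src": src, "sport": sport, "dst": dst, "dport": dport,
            "msg": options.get("msg", ""), "content": options.get("content", "").encode(),
            "sid": int(options.get("sid", 0))}

def addr_matches(spec, ip):
    addr = ipaddress.ip_address(ip)
    if spec == "any":
        return True
    if spec == "$HOME_NET":
        return addr in HOME_NET
    if spec == "$EXTERNAL_NET":
        return addr not in HOME_NET
    return addr in ipaddress.ip_network(spec, strict=False)

def port_matches(spec, port):
    return spec == "any" or int(spec) == port

def match_rules(rules, pkt):
    """Return (sid, msg) for every rule whose header and content option match this packet."""
    hits = []
    for r in rules:
        if r["proto"] != pkt["proto"]:
            continue
        if not (addr_matches(r["src"], pkt["src"]) and addr_matches(r["dst"], pkt["dst"])):
            continue
        if not (port_matches(r["sport"], pkt["sport"]) and port_matches(r["dport"], pkt["dport"])):
            continue
        if r["content"] and r["content"] not in pkt["payload"]:
            continue
        hits.append((r["sid"], r["msg"]))
    return hits

def detect_portscans(packets, threshold=10, window=5.0):
    """Flag a source that touches `threshold` distinct (host, port) pairs within `window` seconds."""
    by_src = defaultdict(list)
    for p in packets:
        by_src[p["src"]].append((p["ts"], p["dst"], p["dport"]))
    alerts = []
    for src, events in by_src.items():
        events.sort()
        for ts, _, _ in events:
            targets = {(d, dp) for t, d, dp in events if ts <= t < ts + window}
            if len(targets) >= threshold:
                alerts.append(f"portscan: {src} probed {len(targets)} distinct ports within {window:.0f}s")
                break
    return alerts

def pkt(ts, proto, src, sport, dst, dport, payload=b""):
    return {"ts": ts, "proto": proto, "src": src, "sport": sport, "dst": dst, "dport": dport, "payload": payload}

# Constructed traffic sample: one benign request, three rule hits, and a 12-port sweep.
TRAFFIC = [
    pkt(0.0, "tcp", "198.51.100.9", 40001, "192.168.1.5", 80, b"GET / HTTP/1.1\r\nHost: intranet\r\n\r\n"),
    pkt(0.5, "tcp", "203.0.113.7", 50100, "192.168.1.5", 22, b"SSH-2.0-OpenSSH_8.9"),
    pkt(1.0, "tcp", "198.51.100.9", 40002, "192.168.1.5", 80, b"GET /cgi-bin/x?c=;/bin/sh HTTP/1.1\r\n"),
    pkt(1.5, "udp", "192.168.1.20", 5353, "192.168.1.1", 53, b"\x00\x01\x01\x00" + b"\x07evil-c2\x03net\x00"),
] + [pkt(2.0 + i * 0.05, "tcp", "203.0.113.7", 50200 + i, "192.168.1.5", 21 + i) for i in range(12)]

def run_ids(packets=TRAFFIC, rules=RULES):
    parsed = [parse_rule(r) for r in rules]
    rule_alerts = [hit for p in packets for hit in match_rules(parsed, p)]
    return rule_alerts, detect_portscans(packets)

if __name__ == "__main__":
    rule_alerts, scan_alerts = run_ids()
    for sid, msg in rule_alerts:
        print(f"[1:{sid}] {msg}")
    for line in scan_alerts:
        print(line)
```

Two things carry over to real Snort: a rule only fires when every part of its header matches and the payload actually contains the `content`, so the empty SYN packets of the sweep never trigger the SSH rule, and the sweep is only visible once you correlate packets per source over time, which is why port scan detection lives in a preprocessor rather than in a rule.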

Conclusion

In today’s networked world, everyone from government agencies to banks stores critical information in the cloud. Cyber-attacks even have the potential to cripple an entire nation. Hence, protecting these networks is not a choice, but an absolute necessity.


Whether you are a beginner or an experienced cybersecurity engineer, you will find these ten tools invaluable. Good luck on your journey to becoming a successful penetration tester. Learn more tools from the Security Tools Directory.


