Wane Shirin Hackers Ne Ke Amfani Don Yin Kutse
Shin kuna sha'awar wane shiri ne masu satar da'a ke amfani da shi wajen hacking? Anan za ku binciko wasu shirye-shirye na halal da hackers ke amfani da su wajen kutse.
Hackers masu da'a, wanda kuma aka sani da fararen hula hackers, suna amfani da kayan aiki da dabaru iri-iri don gwada amincin tsarin da hanyoyin sadarwa. Ana iya raba waɗannan kayan aikin zuwa sassa da yawa, waɗanda suka haɗa da:
Kayan aikin duba hanyar sadarwa: Ana amfani da waɗannan kayan aikin don gano masu watsa shirye-shirye da buɗe tashoshin jiragen ruwa akan hanyar sadarwa. Misalai sun haɗa da Nmap, Nessus, da OpenVAS.
Kayan aikin tantance rauni: Ana amfani da waɗannan kayan aikin don gano lahani a cikin tsarin da aikace-aikace. Misalai sun haɗa da Nessus, OpenVAS, da Metasploit.
Kayan aikin fasa kalmar sirri: Ana amfani da waɗannan kayan aikin don dawo da batattu ko kalmomin shiga da aka manta. Misalai sun haɗa da John the Ripper, Cain & Able, da Hashcat.
Kayan aikin ɗaukar fakiti: Ana amfani da waɗannan kayan aikin don kamawa da tantance zirga-zirgar hanyar sadarwa. Misalai sun haɗa da Wireshark da tcpdump.
Kayan aikin gwajin aikace-aikacen yanar gizo: Ana amfani da waɗannan kayan aikin don gano lahani a cikin aikace-aikacen yanar gizo. Misalai sun haɗa da Burp Suite, OWASP ZAP, da sqlmap.
Kayan aikin injiniya na zamantakewa: Ana amfani da waɗannan kayan aikin don tattara bayanai game da manufa ta hanyar yaudara. Misalai sun haɗa da SEToolkit da Maltego.
Kayan aikin gwaji mara waya: Ana amfani da waɗannan kayan aikin don gano lahani a cikin cibiyoyin sadarwa mara waya. Misalai sun haɗa da Aircrack-ng da Kismet.
Kayan aikin injiniya na baya: Ana amfani da waɗannan kayan aikin don tantancewa da fahimtar ayyukan cikin software. Misalai sun haɗa da IDA Pro da OllyDbg.
Yana da kyau a lura cewa masu satar da'a suna amfani da kayan aiki da dabaru iri ɗaya kamar na masu kutse, amma suna amfani da su tare da izini da kuma inganta tsaro.
Wane Shirin Hackers Ne Ke Amfani Don Yin Kutse
Ga jerin kusan duk kayan aikin da hackers ke amfani da su don kutse tsarin.
1. Kayan aikin duba hanyar sadarwa
Kayan aikin duba hanyar sadarwa shirye-shirye ne na software ko abubuwan amfani na kan layi waɗanda ake amfani da su don gano na'urori da sabis waɗanda ke da alaƙa da hanyar sadarwa. Ana iya amfani da waɗannan kayan aikin don gano runduna da adiresoshin IP ɗin su, buɗe tashoshin jiragen ruwa da ayyuka, da sauran bayanai game da tsarin cibiyar sadarwa da tsaro. Hakanan za'a iya amfani da su don yin kimanta rashin ƙarfi, gano yuwuwar barazanar tsaro, da saka idanu kan ayyukan cibiyar sadarwa. Wasu shahararrun nau'ikan kayan aikin binciken hanyar sadarwa sun haɗa da na'urorin sikanin tashar jiragen ruwa, na'urar daukar hoto mai rauni, da na'urorin sadarwa.
Ga wasu Kayan aikin Binciken hanyar sadarwa
Nmap (Windows, Linux, macOS)
Scanner IP mai fushi (Windows, Linux, macOS)
Fing (Windows, Linux, macOS, iOS, Android)
Advanced IP Scanner (Windows)
SoftPerfect Network Scanner (Windows, Linux, macOS)
LanScan (macOS)
Zenmap (Windows, Linux, macOS)
Advanced Port Scanner (Windows)
Nessus (Windows, Linux, macOS)
OpenVAS (Windows, Linux)
2. Kayan Ƙirar Rauni
Kayan aikin tantance raunin rauni shirye-shirye ne na software waɗanda aka ƙera don ganowa da ba da rahoton lahani a cikin tsarin kwamfuta, cibiyoyin sadarwa, da aikace-aikace. Waɗannan kayan aikin suna bincika tsarin kuma suna neman raunin da masu aikata laifukan yanar gizo za su iya amfani da su. Ana iya amfani da su don tantance amincin kayan aikin IT na ƙungiyar da gano yuwuwar lahani kamar rashin tsari, ɓacewar facin tsaro, da wuraren shiga mara tsaro. Rahotannin da waɗannan kayan aikin ke samarwa na iya taimakawa ƙungiyoyi su ba da fifiko ga raunin da ya kamata a magance su da ɗaukar matakan da suka dace don tabbatar da tsarin su. Wasu mahimman fasalulluka na kayan aikin tantance raunin sun haɗa da dubawa ta atomatik, ba da rahoto, da damar gyarawa. Ana amfani da su sau da yawa tare da kayan aikin gwaji na Penetration don samar da cikakkiyar ra'ayi game da yanayin tsaro na ƙungiya.
Anan akwai wasu Kayan Aiki na Lalacewa
Nessus (Windows, Linux, macOS)
OpenVAS (Windows, Linux)
Nexpose (Windows, Linux)
Retina (Windows)
QualysGuard (na tushen Cloud)
Rapid7 Metasploit (Windows, Linux, macOS)
Tenable.io (na tushen Cloud)
Nmap NSE (Windows, Linux, macOS)
GFI LanGuard (Windows)
McAfee Vulnerability Manager (Windows, Linux)
3. Kayayyakin Cracking Password
Kayan aikin fasa kalmar sirri shirye-shiryen software ne da aka ƙera don hasashe ko "fatsa" kalmomin shiga don samun damar shiga cikin tsari ko hanyar sadarwa mara izini. Waɗannan kayan aikin suna amfani da dabaru daban-daban kamar su ƙamus, ƙamus, da harin da aka riga aka ƙidaya don gwada haɗa kalmar sirri daban-daban har sai sun sami daidai. Masu sana'a na tsaro za su iya amfani da su don gwada ƙarfin kalmomin shiga na tsarin su da kuma masu aikata laifuka ta yanar gizo don samun damar shiga ba tare da izini ba.
Harin-karfi: Wannan hanyar ta ƙunshi gwada kowane haɗewar haruffa har sai an sami madaidaicin kalmar sirri. Ita ce hanya mafi cin lokaci amma kuma mafi inganci saboda tana ba da tabbacin samun kalmar sirri.
Harin ƙamus: Wannan hanyar tana amfani da jerin kalmomin da suka wanzu (kamus) kuma tana bincika su akan kalmar sirri. Yana da sauri fiye da harin baƙar fata, amma zai sami kalmar sirri kawai idan yana cikin jerin kalmomin da aka yi amfani da su.
Hare-haren da aka riga aka lissafta: Wannan hanyar tana amfani da allunan da aka riga aka lissafta na kalmomin sirrin da ake kira bakan gizo tables don nemo kalmar sirrin rubutu. Yana da sauri da sauri fiye da harin ƙamus ko ƙamus, amma yana aiki ne kawai idan tebur ya ƙunshi takamaiman hash na kalmar sirri da ake fashe.
Yana da kyau a lura cewa yin amfani da waɗannan kayan aikin haramun ne a ƙasashe da yawa ba tare da izini ba, galibi kwararrun jami’an tsaro ne ke amfani da su don gwada tsarin nasu da kuma horar da ma’aikata yadda za su ƙirƙiri kalmomin sirri masu ƙarfi.
Ga wasu kayan aikin fasa kalmar sirri
Hashcat (Windows, Linux, macOS)
John the Ripper (Windows, Linux, macOS)
L0phtCrack (Windows)
Kayinu da Habila (Windows)
Aircrack-ng (Windows, Linux, macOS)
Ophcrack (Windows, Linux)
Wfuzz (Windows, Linux, macOS)
THC Hydra (Windows, Linux, macOS)
Medusa (Windows, Linux, macOS)
Ncrack (Windows, Linux, macOS)
4. Kayan aikin ɗaukar fakiti
Kayan aikin ɗaukar fakiti, wanda kuma aka sani da suna sniffers network, shirye-shiryen software ne waɗanda ke kamawa da tantance zirga-zirgar hanyar sadarwa. Waɗannan kayan aikin suna shiga cikin fakitin cibiyar sadarwa da ke wucewa ta hanyar sadarwa ta hanyar sadarwa, ba da damar masu amfani don ganin cikakkun bayanan sadarwar cibiyar sadarwa kamar adiresoshin IP, tashoshin jiragen ruwa, da abubuwan biyan bayanai. Ana iya amfani da su don dalilai daban-daban kamar magance matsalolin cibiyar sadarwa, sa ido kan yadda ake amfani da hanyar sadarwa, da gano barazanar tsaro.
Anan ga wasu kayan aikin ɗaukar fakiti
Wireshark (Windows, Linux, macOS)
tcpdump (Windows, Linux, macOS)
Microsoft Network Monitor (Windows)
Colasoft Capsa (Windows)
Fiddler (Windows)
Tshark (Windows, Linux, macOS)
5. Kayan aikin gwajin aikace-aikacen yanar gizo
Kayan aikin gwajin aikace-aikacen yanar gizo shirye-shiryen software ne waɗanda ake amfani da su don gwada tsaro da aikin aikace-aikacen yanar gizo. Waɗannan kayan aikin suna sarrafa tsarin ganowa da cin gajiyar rashin ƙarfi a cikin aikace-aikacen yanar gizo, kamar allurar SQL, rubutun giciye (XSS), da buƙatun buƙatun yanar gizo (CSRF). Hakanan ana iya amfani da su don gwada bin ƙa'idodin tsaro na aikace-aikacen yanar gizo kamar OWASP Top 10 da PCI-DSS.
Ga wasu kayan aikin gwajin aikace-aikacen yanar gizo
Burp Suite (Windows, Linux, macOS)
OWASP ZAP (Windows, Linux, macOS)
Nessus (Windows, Linux, macOS)
IBM AppScan (Windows)
Acunetix (Windows)
WebInspect (Windows)
W3AF (Windows, Linux, macOS)
6. Kayan aikin Injiniya na Jama'a
Kayayyakin aikin injiniya na jama'a shirye-shirye ne ko dabaru da ake amfani da su don sarrafa ko yaudarar mutane wajen samar da mahimman bayanai ko aiwatar da wani aiki. Waɗannan kayan aikin galibi maharan suna amfani da su don samun damar yin amfani da mahimman bayanai kamar bayanan shiga, bayanan kuɗi, da bayanan sirri. Hakanan ana iya amfani da su don yada malware ko yin wasu munanan ayyuka.
Ga wasu kayan aikin injiniyan zamantakewa
SET (Kit ɗin Injiniyan Zamani)
Maltego
Kayan Aikin Kaya na Spear Phishing (SPT)
7. Kayan Gwajin Waya mara waya
Kayan aikin gwaji mara waya shirye-shirye ne na software da na'urorin hardware waɗanda ake amfani da su don gwada tsaro da aikin cibiyoyin sadarwa mara waya. Ana iya amfani da waɗannan kayan aikin don ganowa da yin amfani da rashin lahani a cikin cibiyoyin sadarwa mara waya, kamar rufaffen ɓoyewa, wuraren shiga mara tsaro, da na'urorin damfara. Hakanan ana iya amfani da su don gwada bin ƙa'idodin tsaro mara waya kamar 802.11i da WPA2.
Ga wasu kayan aikin gwaji mara waya
Aircrack-ng (Windows, Linux, macOS)
Kismet (Windows, Linux, macOS)
Kayinu da Habila (Windows)
Wireshark (Windows, Linux, macOS)
Metasploit (Windows, Linux, macOS)
Nessus (Windows, Linux, macOS)
Wireless Diagnostics (macOS)
InSSIDer (Windows)
wifi-kabe (Linux)
Wireless Network Watcher (Windows)
8. Reverse Engineering kayan aikin
Kayan aikin injiniya na baya shirye-shirye ne na software da dabaru waɗanda ake amfani da su don tantancewa da fahimtar ayyukan ciki na aikace-aikacen software, binary, firmware, ko na'urar hardware. Ana iya amfani da waɗannan kayan aikin don fitar da bayanai game da ƙira, aiki, da raunin tsarin. Ana iya amfani da aikin injiniya na baya don dalilai da yawa, kamar nazarin malware, gano lahani a cikin software, fahimtar yadda na'urar ke aiki da haɓaka software wanda ya dace da takamaiman na'ura.
Anan ga wasu kayan aikin Injiniya Reverse:
IDA Pro (Windows, Linux, macOS)
OllyDbg (Windows)
Binary Ninja (Windows, Linux, macOS)
Ghidra (Windows, Linux, macOS)
Radare2 (Windows, Linux, macOS)
Mai Rarraba Hex-Rays (Windows)
IDA Kyauta (Windows)
Hopper (Windows, Linux, macOS)
x64dbg (Windows)
BinaryNinja (Windows, Linux, macOS)
Kammalawa
Ina fatan kun san yanzu wane shiri ne masu kutse suke amfani da shi wajen hacking. Hackers masu da'a, wanda kuma aka sani da masu gwajin shiga ko farar hula, suna amfani da kayan aiki iri-iri don kwaikwayi hare-hare na zahiri a kan tsari ko hanyar sadarwa. Waɗannan kayan aikin sun haɗa da binciken cibiyar sadarwa, kimanta rashin lahani, fasa kalmar sirri, ɗaukar fakiti, gwajin aikace-aikacen yanar gizo, gwajin mara waya, da kayan aikin injiniya na baya. Ana amfani da waɗannan kayan aikin don ganowa da yin amfani da rashin ƙarfi a cikin tsarin ko hanyar sadarwa, ba da damar masu satar fasaha su ba da shawarwari kan yadda za a inganta tsaro. Yana da mahimmanci a lura cewa yin amfani da waɗannan kayan aikin ya kamata a yi taka tsantsan kuma ta hanyar ma'aikata masu izini kawai, don guje wa duk wata matsala ta doka ko tauye tsaro.