网络安全不可缺少的工具

网络安全不可缺少的工具

开膛手约翰 (John the Ripper)

Passwords are still the de-facto standard of authentication in most systems. Even if you successfully get into a server or a database you will have to decrypt the password to gain privilege escalation.

在大多数系统中，密码仍然是实际的身份验证标准。 即使您成功进入服务器或数据库，也必须解密密码才能获得特权升级 。

John the Ripper is a simple tool used for cracking passwords. It is a super-fast password cracker with support for custom wordlists. It can run against most types of encryption methods like MD5 and SHA.

开膛手约翰(John the Ripper)是用于破解密码的简单工具。 这是一个超快速密码破解程序，支持自定义单词列表。 它可以针对大多数类型的加密方法(例如MD5和SHA)运行。

空袭 (Aircrack-ng)

Aircrack-ng is a set of tools that help you to work with wireless networks. Aircrack comprises of tools that can capture wireless networks, crack WPA keys, inject packets, and so on.

Aircrack-ng是一组工具，可帮助您使用无线网络。 Aircrack包含可捕获无线网络，破解WPA密钥，注入数据包等的工具。

A few tools in the Aircrack-ng suite include:

Aircrack-ng套件中的一些工具包括：

• airodump — Captures packets
• airodump —捕获数据包
• aireplay — Packet injection
• aireplay —数据包注入
• aircrack — Crack WEP and WPA
• aircrack —破解WEP和WPA
• airdecap — Decrypt WEP and WPA
• airdecap —解密WEP和WPA

Aircrack contains excellent algorithms for cracking WiFi passwords and to capture wireless traffic. It can also decrypt encrypted packets, making it a complete suite of tools for wireless penetration testing.

Aircrack包含用于破解WiFi密码和捕获无线流量的出色算法。 它还可以解密加密的数据包，使其成为用于无线渗透测试的完整工具套件。

In short, you can use Aircrack for monitoring, attacking, and debugging all types of wireless networks.

简而言之，您可以使用Aircrack监视，攻击和调试所有类型的无线网络。

Nessus (Nessus)

Nessus is a popular enterprise vulnerability scanner. Nessus is built to be a complete vulnerability analysis and reporting tool. While you can scan and find ports or services using Nmap, Nessus will tell you the list of vulnerabilities and how they can be exploited.

Nessus是一种流行的企业漏洞扫描程序。 Nessus被构建为一个完整的漏洞分析和报告工具。 虽然您可以使用Nmap扫描和查找端口或服务，但Nessus会告诉您漏洞列表以及如何利用它们。

Nessus has an excellent user interface, tens of thousands of plugins, and supports embedded scripting. It is often favored by enterprises since it helps companies audit for various compliances like PCI and HIPPA. Nessus will also tell you the severity of the vulnerabilities so that you can focus on those threats accordingly.

Nessus具有出色的用户界面，数以万计的插件，并支持嵌入式脚本。 它通常受到企业的青睐，因为它可以帮助公司审核各种合规性，例如PCI和HIPPA。 Nessus还将告诉您这些漏洞的严重性，以便您可以相应地关注这些威胁。

Nessus is not a free software, but offers a limited free home edition. Nessus has an open-source alternative called Open-Vas that offers similar features.

Nessus不是免费软件，但提供了有限的免费家庭版。 Nessus有一个称为Open-Vas的开源替代方案，它提供类似的功能。