网络安全必备工具_Ncat

网络安全必备工具_Ncat

Ncat(以前是Netcat) (Ncat (Previously Netcat))

Netcat is often referred to as the swiss-army knife in networking.

Netcat在网络中通常被称为“瑞士军刀”。

Netcat is a simple but powerful tool that can view and record data on a TCP or UDP network connections. Netcat functions as a back-end listener that allows for port scanning and port listening.

Netcat是一个简单但功能强大的工具，可以查看和记录TCP或UDP网络连接上的数据。 Netcat用作允许端口扫描和端口监听的后端监听器。

You can also transfer files through Netcat or use it as a backdoor to your victim machine. This makes is a popular post-exploitation tool to establish connections after successful attacks. Netcat is also extensible given its capability to add scripting for larger or redundant tasks.

您还可以通过Netcat传输文件，或将其用作受害者计算机的后门 。 这使得成功利用攻击后建立连接的流行的利用后工具。 由于Netcat具有为大型或冗余任务添加脚本的功能，因此它也是可扩展的。

In spite of the popularity of Netcat, it was not maintained actively by its community. The Nmap team built an updated version of Netcat called Ncat with features including support for SSL, IPv6, SOCKS, and HTTP proxies.

尽管Netcat颇受欢迎，但社区并未积极维护它。 Nmap团队构建了Netcat的更新版本，称为Ncat ，其功能包括对SSL，IPv6，SOCKS和HTTP代理的支持。

Metasploit (Metasploit)

If there is one tool I love, its Metasploit. Metasploit is not just a tool, but a complete framework that you can use during an entire penetration testing lifecycle.

如果有我喜欢的一种工具，那就是Metasploit。 Metasploit不仅是一个工具，而且是您可以在整个渗透测试生命周期中使用的完整框架。

Metasploit contains exploits for most of the vulnerabilities in the Common Vulnerabilities and Exposure database. Using metasploit, you can send payloads to a target system and gain access to it though a command line interface.

Metasploit包含“ 常见漏洞和披露”数据库中大多数漏洞的利用。 使用metasploit，您可以将有效载荷发送到目标系统并通过命令行界面访问它。

Metasploit is very advanced with the ability to do tasks such as port scanning, enumeration, and scripting in addition to exploitation. You can also build and test your own exploit using the Ruby programming language.

Metasploit非常先进，除了可以利用漏洞外，还可以执行端口扫描，枚举和脚本编写等任务。 您还可以使用Ruby编程语言来构建和测试您自己的漏洞利用。

Metasploit was open-source until 2009 after which Rapid7 acquired the product. You can still access free community edition and use all its features.

Metasploit在2009年之前一直是开源的，之后Rapid7收购了该产品。 您仍然可以访问免费社区版并使用其所有功能。

Metasploit used to be a purely command-line tool. A Java-based GUI called Armitage was released in 2013.

Metasploit过去只是一个纯命令行工具。 2013年发布了基于Java的Armitage GUI。