EC-Council’s Certified Ethical Hacker (CEH) certification provides employers the assurance that their teams can secure their systems because the certification exam focuses on the latest tools used by information security pros and hackers today. Understanding the latest tools, technologies and methodologies can be a critical component to to securing networks, databases, applications, and critical data on other secured systems that are evolving at record speeds.
Below are some of the many tools that will be addressed in a CEH training class and may show up on your exam. These lists are not exhaustive but do cover a significant portion of the tools that may be mentioned.
Open Source Research/Footprinting Tools
Footprinting, also know as reconnaissance, refers to the act of gathering information to aid a hacker in their attack. A hacker may research into the specific systems used or even details pertaining to the organization and its employees that could be used in a social engineering attack. Often times black and white hat hackers prefer to use open source, or free and widely available, tools because they can be altered easily to fit their unique needs without having to write entire applications from scratch.
Here are a few of the open source research and footprinting tools that may appear on the CEH certification exam:
- Maltego
- Recon-NG
- FOCA
- OSR Framework
- Recon-Dog
- BillCipher
- cewl
- metagoofil
- Censys
Scanning Tools
After the reconnaissance phase, hackers will build upon the information they gathered by performing three types of scans: a port scan, vulnerability scan and network scan. These scans are used to identify the number of open ports, known vulnerabilities and IP addresses.
Here are a few of the scanning tools that may appear on the CEH certification exam:
- nmap
- hping2/3
- Metasploit
- NetScanTools Pro
- Zenmap
Proxy Tools
A proxy server is a hardware or software system that serves as an intermediary between the end-user and their online destination such as a website or cloud-based app. A proxy server offers a level of anonymity for your online activity.
Here are a few of the proxy tools that may appear on the CEH certification exam:
- BurpSuite
- Tor
- Proxy Switcher
- CyberGhost VPN
- Tails
- Whonix
Enumeration Tools
Enumeration is the process of extracting a system’s machine names, services, network resources, user names and other valuable data to be used to exploit a system. During this phase, a hacker will connect to the target system and then perform direct actions to obtain more detailed information about the target which will then be used to determine the system’s weak point or vulnerabilities.
Here are a few of the enumeration tools that may appear on the CEH certification exam:
- SNMP
- MIB
- LDAP
- NFS
- Dig
Vulnerability Analysis Tools
Once you have identified a system’s weak points during the enumeration phase, a vulnerability analysis will dive deeper into each of those cybersecurity flaws and determine their severity to prioritize fixes.
Here are a few of the tools that can be used in a vulnerability analysis and may appear on the CEH certification exam:
- CVSS/NVD/CVE/CWE
- Nessus
- GFI LanGuard
- OpenVas
- Nikto
- Qualsys
- Saint
- Network Security Scanner
Exploitation Tools
An exploit is an attack on the vulnerabilities found within a system. These vulnerabilities may be through the system’s hardware, operating systems, applications, or networks and exploits will usually be performed through various programming efforts in order to take control of the system or export valuable data.
Here are a few of the tools that can be used to exploit a system and may appear on the CEH certification exam:
- John the Ripper
- Mimikatz
- Hashcat
- pwdump
- L0phtCrack
- PsExec
- LoJax
- Scranos
Anti-Rootkit Tools
An anti rootkit helps identify malicious administrative access to a system usually gained through suspect processes, registry keys, hooks or modules, modified files, and rootkits.
Here are a few of the anti-rootkit tools that may appear on the CEH certification exam:
- Stinger
- Rootkit Buster
- Malwarebytes Anti-Rootkit
Malware/Trojan Generators
A malware or trojan generator allows a hacker to quickly create their own malicious tools that can be used to attack a system.
Here are a few of the malware and trojan generators that may appear on the CEH certification exam:
- DarkHorse
- Angler
- Divergent
- Vaporworm
- NLBrute
- Powershell
Register Now For An Upcoming CEH Certification Bootcamp
Sniffers/Arp Poisoners
An ARP Poisoner is a type of attack that abuses the Address Resolution Protocol (ARP) to infiltrate a system. Packet Sniffing, on the other hand, is a security process that monitors all packets moving through a network as a means to identify potential threats.
Here are a few of the Sniffers/Arp Poisoners that may appear on the CEH certification exam:
- TCPDump
- Wireshark
- SteelCentral
- Capsa
- Ufasoft
- BetterCAP
- Cain & Abel
- XArp
DDos Tools
A Distributed Denial of Service (DDoS) attack exploits the capacity limits of a system’s network resources by sending more requests than can be handled and results in the system crashing.
Here are a few of the DDoS tools that may appear on the CEH certification exam:
- High Orbit Cannon
- Low Orbit Cannon
- HULK
- Tor’s Hammer
- Slowloris
Session Hijacking Tools
A Session Hijacking attack occurs when a hacker takes control of the victim’s internet session either through the web or through an application and then can navigate through the site with all of the user’s privileges.
Here are a few of the Session Hijacking tools that may appear on the CEH certification exam:
- OWASP ZAP
- BetterCAP
- WebSploit Framework
- sslstrip
IDS Tools
An Intrusion Detection System (IDS) is a network security technology that detects exploits made against a specific computer or application.
Here is a an IDS tools that will likely appear on the CEH certification exam:
- Snort
Anonymizers
An anonymizer is a type of proxy server that hides a user’s personally identifying information.
Here are a few of the Anonymizers that may appear on the CEH certification exam:
- Boomproxy
- zendproxy
- webproxyserver
- anonymizer
Honeypots
A honeypot refers to an intentionally compromised system that attracts hackers and allows them to exploit the vulnerability so that you can study their behavior and, as a result, improve your security policies.
Here are a few of the Honeypot tools that may appear on the CEH certification exam:
- KFSensor
- SPECTER
Web Server Hacking/SQL Injection Tools
SQL injection refers to an attack in which the hacker uses SQL code to gain access to a database and the valuable information it contains. Web server hacking is a similar approach to gain database access using code other than SQL.
Here are a few of the hacking tools used for either a web server or SQL injection attack that may appear on the CEH certification exam:
- ZAP
- BeEF
- Burp
- THC Hydra
- DVWA
Wireless Attack Tools
A wireless attack is a broad term that references any attack targeting a wireless network or system. A more specific example of a wireless attack is a Denial of Service (DoS) attack.
Here are a few of the wireless attack tools that may appear on the CEH certification exam:
- Pineapple Tetra/Nano
- Air Suite
- Airgeddon
- NetSurveyor
- Acrylic
- Vistumbler
- WifiManager
- InSSIDerPlus
- Ekahau HeatMapper
- Wifphisher
- Reaver
Mobile Device Attack Tools
The majority of adults use a smartphone daily. Additionally, many use a mobile device to access PII through financial apps or as a part of a 2-factor authentication to access their work environments. As such, attackers more frequently target mobile devices as a means to gain valuable information.
Here are a few of the tools used to access mobile devices that may appear on the CEH certification exam:
- Agent Smith Attack
- Root Genius
- SuperSU Root
- Z4root
- Yuxigon
- Trimgo
- Yalu
- Spyzie
- Exodus
- KeyRaider
- Spyic
- Frida
- Fing
Iot Tools
The Internet of Things (IoT) refers to the interconnectedness between physical objects and technology as a means of collecting and sharing data over the internet. Today, billions of objects are connected with the internet and penetrating some of these devices could result in catastrophe.
Here are a few of the IoT attack tools that may appear on the CEH certification exam:
- IoTSeeker
- RIoT
- Foren6
- RFCrack
- Attify Zigbee Framework
- ChipWhisperer
- Thingful
- Suphacap
- CloudShark
- IoTsploit
- BladeRF
- HackRF
- GQrx
- Firmwalker
- KillerBee
Cloud Exploit Tools
The cloud refers to shared servers housed in data centers that are accessed through the Internet and powers various software and databases. There are a number of business benefits for switching to the cloud, however, there is also an added risk of being able to remotely access data from anywhere and it is a risk that hackers often exploit.
Here are a few of the Cloud Exploit tools that may appear on the CEH certification exam:
- Sysdig
- Knative
- Spyse
- S3Scanner
- Pacu
- DumpsterDiver
- CCAT
- GCPBucketBrute
- Dockerscan
- AWS pwn
Register Now For An Upcoming CEH Training Course!
Complete the form below to schedule a time to speak with an Admissions Advisor about our upcoming CEH Training. Classes Available Weekdays, Nights & Weekends!