Tools briefly discussed last night
posted about 13 years ago
Hey everybody,
Last night I mentioned some open source tools to learn and practice on and got some questions about them after class. These are tools that are free to use, available for most operating systems, and can be as easy or as challenging as you want. The names may be familiar, but I wanted to share with you some resources I used to learn them.
NMAP
This tool is one of the oldest security tools that I have used, but it is continually updated and continues to be one of the most useful in the industry.
What is it?
NMAP stands for "network mapper"; what that means at its core is that it is a customizable network scanner.
What does it do?
As the name implies, NMAP scans a given network for host computers, what OS each is running, and what services are running on those hosts (as well as which port each service is using); these are essential steps of the reconnaissance phase of an attack. What sets NMAP apart is that custom scripts can be written to determine network conditions and then alter how the scan performs.
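To make the "audit your own network" angle concrete, here is a small added example (mine, not from the post or from the Nmap project) that reads Nmap's grepable output format (`-oG`) and compares the open services it found against an allow-list of what the network owner expects to be listening. The scan output, host addresses and allow-list below are constructed for the example; `parse_grepable` and `unexpected_services` are names I chose.

```python
"""Turn nmap grepable (-oG) output into a per-host service inventory and
flag open services that are not on the owner's allow-list.
Added example; the sample scan output below is constructed, not a real scan."""
import re

# Constructed sample in nmap's grepable format. Each port entry is
#   port/state/protocol/owner/service/rpcinfo/version/
# and entries are separated by ", ".
SAMPLE_GREPABLE = """\
# Nmap 7.94 scan initiated (constructed sample)
Host: 10.0.0.5 (web.lab.local)\tStatus: Up
Host: 10.0.0.5 (web.lab.local)\tPorts: 22/open/tcp//ssh//OpenSSH 8.9/, 80/open/tcp//http//nginx 1.18/, 443/open/tcp//https//nginx 1.18/\tOS: Linux 5.X
Host: 10.0.0.7 (fs.lab.local)\tStatus: Up
Host: 10.0.0.7 (fs.lab.local)\tPorts: 21/open/tcp//ftp//vsftpd 3.0.3/, 22/filtered/tcp//ssh///\tOS: Linux 4.X
# Nmap done: 2 IP addresses (2 hosts up)
"""

# One port entry: seven slash-separated fields, each ending in "/".
PORT_RE = re.compile(r"(\d+)/(\w+)/(\w+)/([^/]*)/([^/]*)/([^/]*)/([^/]*)/")

# Constructed allow-list: the ports the network owner expects per host.
EXPECTED_PORTS = {
    "10.0.0.5": {22, 80, 443},
    "10.0.0.7": {22},
}


def parse_grepable(text):
    """Return {ip: {"hostname": str, "os": str, "ports": [dict, ...]}}."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # skip "# Nmap ..." banner and footer lines
        # Tab-separated "Key: value" fields (Host, Status, Ports, OS, ...).
        fields = {}
        for chunk in line.split("\t"):
            key, _, value = chunk.partition(": ")
            fields[key] = value
        ip, _, rest = fields["Host"].partition(" ")
        hostname = rest.strip("()")
        entry = hosts.setdefault(ip, {"hostname": hostname, "os": "", "ports": []})
        if "OS" in fields:
            entry["os"] = fields["OS"]
        for m in PORT_RE.finditer(fields.get("Ports", "")):
            port, state, proto, _owner, service, _rpc, version = m.groups()
            entry["ports"].append({
                "port": int(port), "state": state, "proto": proto,
                "service": service, "version": version,
            })
    return hosts


def unexpected_services(hosts, expected):
    """List (ip, port, service, version) for open ports missing from the allow-list."""
    findings = []
    for ip, entry in sorted(hosts.items()):
        allowed = expected.get(ip, set())
        for p in entry["ports"]:
            if p["state"] == "open" and p["port"] not in allowed:
                findings.append((ip, p["port"], p["service"], p["version"]))
    return findings


if __name__ == "__main__":
    inventory = parse_grepable(SAMPLE_GREPABLE)
    for ip, entry in sorted(inventory.items()):
        print(ip, entry["hostname"], entry["os"])
        for p in entry["ports"]:
            print("   ", p["port"], p["proto"], p["state"], p["service"], p["version"])
    for finding in unexpected_services(inventory, EXPECTED_PORTS):
        print("UNEXPECTED:", finding)
```

Against the constructed sample this reports the FTP listener on 10.0.0.7, which nobody put on the allow-list. Running it over a real `nmap -sV -oG scan.gnmap` of a network you administer, on a schedule, turns the same recon technique into a change-detection check: anything that appears open and unexpected is something to investigate.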
Best place to learn more
The best place to learn any tool is from the guy/girl who developed it in the first place. I consider this book a key resource, not just for NMAP, but for ethical hacking in general.
I have used NMAP as a hobby on and off for years, but this book is INSANELY good at teaching any skill level how/why you would use this tool.
METASPLOIT
A good pair with NMAP, the Metasploit framework is an extremely versatile tool in the hands of both white hat and black hat hackers.
What is it?
Metasploit at its core is a penetration testing application; however, its functions are fairly diverse.
What does it do?
I will describe an example use of Metasploit, as it could be argued that it does many different things. Let's say I run NMAP against a network and I see some services on a machine; let's say Cyberduck is currently running on a target host in an Apple OSX environment on port 21. I can then run Metasploit and find any vulnerabilities for Cyberduck, pick which one I want to use, configure my attack, and execute the attack. Or I can just hit the AutoPWN button and have it do all of that for me against any present vulnerability on the targeted machine. :D
Best place to learn more
The best place to learn more I've found is through the community itself, but if you're like me you hate dealing with over-zealous know-it-alls. Therefore I recommend this book: http://www.amazon.com/Metasploit-Penetration-Testers-David-Kennedy/dp/159327288X/ref=pd_bxgy_b_img_b
This is a very dangerous tool, and can get you into some trouble if used improperly. It gets even more dangerous when coupled with NMAP, but these two are perfect examples of how to effectively and efficiently audit a network FOR FREE. Don't buy into the BS that you need $1,000.00 applications in order to practice how to defend your networks, or get practice on how to be offensive in the cyber war arena.
I hope this piques someone's interest and you start trying these things out, or at least looking at them. Just know that the bad guys have these tools too, so at some point you'll have to know the capabilities of them at the very least.