Maharashtra Board of Technical Education,
Mumbai
GOVERNMENT POLYTECHNIC,
SOLAPUR
DIPLOMA IN COMPUTER
TECHNOLOGY
Academic year 2022-23
ETI (22618)
A
MICRO-PROJECT
ON
Ethical hacking and their tools
Submitted by:
Roll No. 60 – Kshirsagar Pranav Prabhakar
Enrollment No.2000150069
Submitted to: Mrs. Varsha Mangalaram.
1
� CERTIFICATE
This is to certify that the following student Kshirsagar
Pranav Prabhakar, Roll No. 60 of Branch CM6I of the
institute Government Polytechnic, Solapur (0015) has
completed the micro-project work satisfactorily under my
supervision/guidance for the subject ETI (22618) in the
academic year 2022-2023 as prescribed in the curriculum.
Guide Name – Mrs. Varsha Mangalaram.
Date & Sign –
HOD PRINCIPAL
2
� INDEX
Sr. Page
Title
No. No.
1. Acknowledgement 4
2. Abstract 5
3. Introduction 6
4. What is Hacking 7
5. Ethical hacking tools 8-14
6. Conclusion 15
7. References 16
3
� ACKNOWLEDGEMENT
In the accomplishment of this micro-project successfully,
many people have best owned upon me their blessings and
heart-privileged support. Primarily, I would like to express a
special thanks of gratitude to the Principal Sir of the
Government Polytechnic, Solapur for giving this golden
opportunity with all the required facilities for completing this
micro-project of our group.
I would like to extend my gratitude to our mam, whose
valuable guidance has been the ones that helped us patch this
project and make it full proof success. Their suggestions and
instructions has served as the major contributor towards the
completion of the micro-project.
I would also like to thank my parents who have helped
with their valuable suggestions and provided the required
resources needed for the micro-project.
4
� ABSTRACT
As a student enrolled in the Government Polytechnic,
Solapur, every semester we require to do a micro-project on
any one topic in the syllabus of the respective subjects. Hence,
I have created a project on Ethical hacking and their tools as
the micro-project for the subject ETI (22618)
Ethical hacking tools are software and hardware solutions used
by ethical hackers to identify and exploit vulnerabilities in
computer systems and networks. These tools include utilities
such as Nmap and Wireshark, which are used for network
scanning and packet analysis, as well as frameworks such as
Metasploit, which provide a range of exploit and payload
options. Password cracking tools such as John the Ripper are
also popular ethical hacking tools.
In addition to software-based tools, there are also hardware-
based tools such as the Rubber Ducky and Wi-Fi Pineapple.
These devices provide additional capabilities, such as keystroke
injection and wireless network auditing, respectively.
The use of ethical hacking tools is an important part of
maintaining cybersecurity in today's digital world. However, it's
important to use these tools responsibly and with proper
authorization, as misuse of these tools can have serious legal
and ethical consequences. As technology continues to evolve,
it's likely that we'll see new and more sophisticated ethical
hacking tools emerge, making it even more important for
organizations and individuals to stay vigilant and proactively
address potential security threats.
5
� INTRODUCTION
Ethical hacking tools are software programs or
hardware devices that are used by security professionals to
identify and exploit vulnerabilities in computer systems,
networks, and applications. The purpose of ethical hacking is to
find security weaknesses so that they can be fixed before they
can be exploited by malicious actors. Ethical hackers use these
tools to simulate attacks on a system, allowing them to test the
security of the system and identify any vulnerabilities that need
to be addressed.
The field of ethical hacking has grown rapidly in recent
years as companies have become more aware of the
importance of protecting their systems and data. Ethical
hacking has become an essential part of the cybersecurity
industry, with businesses of all sizes relying on ethical hackers
to identify and address security risks. As a result, there has
been a corresponding increase in the number and complexity of
ethical hacking tools available.
6
�What is Hacking?
Hacking is the act of gaining unauthorized access to computer
systems or networks, often with the intention of stealing or
manipulating data, disrupting systems, or committing fraud.
Hacking can be done by individuals or groups with malicious
intentions, and it is often considered illegal and unethical.
What is ethical hacking?
Ethical hacking, on the other hand, is the act of using hacking
techniques and tools for the purpose of identifying and fixing
security vulnerabilities in computer systems, networks, and
applications. Ethical hackers are trained security professionals
who use their skills and knowledge to simulate attacks on a
system, find vulnerabilities, and report them to the organization
that owns the system. The goal of ethical hacking is to improve
the security of computer systems by identifying and fixing
vulnerabilities before they can be exploited by malicious actors.
Why ethical hacking is important?
Ethical hacking is important for several reasons:
Identifying security vulnerabilities: Ethical hacking helps
organizations identify security weaknesses in their
computer systems, networks, and applications. This allows
organizations to fix these vulnerabilities before they can
be exploited by malicious actors, reducing the risk of
cyber attacks and data breaches.
Improving overall security: By identifying and fixing
vulnerabilities, ethical hacking helps improve the overall
security of computer systems. This helps to protect
sensitive data, intellectual property, and other critical
assets.
7
� Meeting regulatory requirements: Many industries are
subject to regulations that require them to maintain a
certain level of security. Ethical hacking can help
organizations comply with these regulations by identifying
vulnerabilities and implementing appropriate security
controls.
Protecting reputation: A data breach can have a significant
impact on an organization's reputation. Ethical hacking
helps to identify and address vulnerabilities before they
can be exploited, reducing the risk of a data breach and
protecting the organization's reputation.
Cost savings: By identifying and fixing vulnerabilities
before they can be exploited, ethical hacking can help
organizations avoid the costs associated with data
breaches, such as legal fees, regulatory fines, and lost
business.
How to protect our system from hackers?
1. Keep your software up-to-date: Ensure that your operating
system, applications, and security software are all up-to-
date with the latest security patches and updates. This
helps to address any known vulnerabilities that hackers
can exploit.
2. Use strong passwords: Use strong, unique passwords for
all your accounts and change them regularly. Avoid using
the same password for multiple accounts, and never share
your password with anyone.
3. Enable two-factor authentication: Enable two-factor
authentication (2FA) wherever possible, which adds an
additional layer of security by requiring a code or token in
addition to your password to access your account.
4. Use a reputable antivirus software: Install and regularly
update a reputable antivirus software to help protect your
system against malware and other threats.
5. Secure your network: Ensure that your wireless network is
encrypted and password-protected. Avoid using public Wi-
Fi networks for sensitive activities, such as online banking
or shopping.
6. Use a firewall: Install and enable a firewall to help block
unauthorized access to your system.
8
� 7. Be cautious of suspicious emails and links: Be cautious of
emails or links from unknown senders, and avoid clicking
on links or downloading attachments from suspicious
sources.
8. Backup your data: Regularly backup your important data
to an external hard drive or cloud storage service, in case
your system is compromised.
ETHICAL HACKING
TOOLS
Some ethical hacking tools that are used by ethical
hacker for finding bugs and providing security.
Nmap:
Nmap, short for "Network Mapper", is a popular and powerful
tool used by ethical hackers to discover and map out networks,
identify open ports, and detect potential vulnerabilities. Here
are some key features and functions of Nmap:
9
� o Network exploration: Nmap can be used to explore
networks and discover hosts and devices connected to
them.
o Port scanning: Nmap can scan for open ports on a system,
which can provide information about services and
applications running on that system.
o OS detection: Nmap can determine the operating system
(OS) running on a remote system by analyzing its network
traffic.
o Service detection: Nmap can detect and identify the
services and applications running on a remote system by
analyzing the traffic on the ports that they use.
o Vulnerability scanning: Nmap can be used to scan for
potential vulnerabilities on a remote system, by checking
against a database of known vulnerabilities and exploits.
o Customizable scanning: Nmap provides a wide range of
options and settings that allow users to customize and
fine-tune their scans, based on their specific needs and
objectives.
o Scriptable interface: Nmap has a scriptable interface,
which allows users to automate repetitive tasks and
customize their scans using scripts.
Overall, Nmap is a versatile and essential tool for ethical
hackers, network administrators, and security professionals
who need to understand and secure complex computer
networks.
Wireshark:
10
�Wireshark is a popular and powerful network protocol analyzer
used by ethical hackers to capture and analyze network traffic.
It allows users to view and analyze packets of data flowing over
a network, providing valuable insight into network performance
and potential security vulnerabilities. Here are some key
features and functions of Wireshark:
Protocol analysis: Wireshark supports a wide range of network
protocols, allowing users to analyze and decode network traffic
at various layers of the OSI model.
Live capture: Wireshark can capture network traffic in real-time,
allowing users to monitor and analyze network activity as it
happens.
Filter and search: Wireshark provides powerful filtering and
search capabilities, allowing users to focus on specific packets
or data of interest.
Graphs and statistics: Wireshark includes graphing and
statistical tools, allowing users to visualize network traffic
patterns and performance metrics.
Protocol dissectors: Wireshark includes protocol dissectors,
which decode and interpret the contents of packets, making it
easier to analyze and understand network traffic.
Remote capture: Wireshark can capture network traffic from
remote systems, allowing users to analyze traffic on systems
that are not physically accessible.
11
�John the Ripper (JTR):
John the Ripper (JTR) is a popular password cracking tool used
by ethical hackers to test and improve the strength of password
security. It can be used to identify weak passwords, crack
password hashes, and test the effectiveness of password
policies. Here are some key features and functions of John the
Ripper:
Password cracking: John the Ripper can crack password hashes
using various techniques, including brute force, dictionary
attacks, and hybrid attacks.
Hash types: John the Ripper supports a wide range of password
hash types, including Unix crypt, MD5, SHA-1, SHA-2, and
others.
Custom rules: John the Ripper allows users to create custom
password cracking rules, which can improve the speed and
effectiveness of the cracking process.
Performance optimization: John the Ripper can take advantage
of multi-core processors, GPU acceleration, and distributed
computing to improve performance.
Password policy testing: John the Ripper can be used to test the
effectiveness of password policies, by attempting to crack
passwords that meet certain criteria, such as length and
complexity.
Rubber Ducky:
12
�The Rubber Ducky is a small USB device that looks like a flash
drive, but is actually a programmable HID (Human Interface
Device) that can be used for ethical hacking purposes. It is
essentially a keystroke injection tool that can be used to
execute a pre-programmed set of commands on a target
computer. Here are some key features and functions of the
Rubber Ducky:
Keystroke injection: The Rubber Ducky can be programmed to
execute a set of keystrokes on a target computer, allowing for
automated tasks such as password cracking and network
reconnaissance.
Cross-platform compatibility: The Rubber Ducky is compatible
with Windows, Mac, and Linux operating systems.
Customization: The Rubber Ducky can be programmed with
custom scripts, allowing for flexibility and adaptability in a
variety of scenarios.
Stealth: The Rubber Ducky can operate in "stealth mode,"
which means it can bypass anti-virus and anti-malware
software, making it a powerful tool for ethical hacking.
13
�Simple to use: The Rubber Ducky is easy to use and requires
minimal technical knowledge, making it accessible to a wide
range of users.
Wi-Fi Pineapple:
The Wi-Fi Pineapple is a wireless penetration testing tool that
can be used for ethical hacking purposes. It is essentially a
portable Wi-Fi hotspot that can be used to monitor and
manipulate Wi-Fi traffic. Here are some key features and
functions of the Wi-Fi Pineapple:
Wi-Fi auditing: The Wi-Fi Pineapple can be used to audit
wireless networks, identify vulnerabilities, and gather
information about connected devices.
Man-in-the-middle attacks: The Wi-Fi Pineapple can be used to
conduct man-in-the-middle attacks on Wi-Fi networks, allowing
an ethical hacker to intercept and analyze network traffic.
Captive portal: The Wi-Fi Pineapple can be used to create a
captive portal, which is a landing page that users are redirected
to when they connect to a Wi-Fi network. This can be used to
capture login credentials or other sensitive information.
DNS spoofing: The Wi-Fi Pineapple can be used to spoof DNS
(Domain Name System) responses, which can be used to
redirect users to malicious websites or capture sensitive
information.
14
�Automatic de-authentication: The Wi-Fi Pineapple can be used
to automatically de-authenticate users from a Wi-Fi network,
which can be used to force them to reconnect and potentially
expose sensitive information.
Cross-platform compatibility: The Wi-Fi Pineapple is compatible
with Windows, Mac, and Linux operating systems.
CONCLUSION
15
� In conclusion, ethical hacking tools are essential for
identifying and addressing security vulnerabilities in computer
systems and networks. From Nmap to Wireshark, from
Metasploit to John the Ripper, these tools provide ethical
hackers with a range of options to conduct security
assessments and identify weaknesses in IT infrastructure.
However, it's important to use these tools responsibly and with
proper authorization, as misuse of these tools can have serious
legal and ethical consequences. As technology continues to
evolve, it's likely that we'll see new and more sophisticated
ethical hacking tools emerge, making it even more important
for organizations and individuals to stay vigilant and proactively
address potential security threats.
16
� REFERENCES
1. www.google.com
2. https://chat.openai.com/
3. www.youtube.com
17
