Installing Software Tools and Virtualized Operating System

Installing a Virtualized Operating System: The next step in preparing the lab system is to install your virtual machines and configure them.

Since I do not know which virtualization software you will choose, I will provide some broad steps on how the process works. You will need to research the specifics for your software of choice.

In general, the process works something like this:

  1. Create a new virtual machine in your software.
  2. Name the new virtual machine something meaningful, such as Windows 7 64-bit or Kali Linux.
  3. Depending on the OS you intend to install on the virtual machine, you will need to allocate some memory to the virtual environment.
    I usually recommend allocating a minimum of 2 GB to a VM guest. Keep in mind that these amounts will vary, and most software will allow you to increase or decrease this amount later.

At this point you can install your operating system on the virtual environment. To do this you will need either an ISO file or media such as a CD/DVD or USB flash drive.

Once you have that in hand, follow the instructions in your virtualization software to mount the media and perform the installation process.

Installing the Tools

Once you have configured, patched, and prepared your virtual machine, you can install the applications you have chosen.

This section is meant to help you at least get started with the process of locating and evaluating some new tools.

To prepare for the CEH exam, you should learn how to use tools listed in the following sections.

Types of Software Tools

To make things easy I have classified the tools by category, each in no particular order.

Download: CEH v9 PDFs


Nmap: You can acquire Nmap at, which is the website of the developer itself. Since this tool is such a flexible and powerful piece of software and is cross platform, you should seriously consider making it part of your toolkit.

Angry IP Scanner: Available at, this piece of software is simple, quick and dirty way of locating which hosts are up or down on a network.

While the functionality for this tool can be replicated with a few enumeration phase. However, this tool is a port scanner as well.

Zanti (For Mobile Phones): This app is available on Google Play, where it can be downloaded for free.

Zenmap (Part of Nmap): Included as part of Nmap package, it is nothing more than a graphical front end to the command-line Nmap scanner.

NBTScan: This is used for NetBIOS scans and can be downloaded from

Hping2/hping3: These packet-crafting utilities can be used to create custom scans or probe individual ports with precision. They can be obtained at

NetScan Tools: This multipurpose suite of tools is available at

Download: EC Council CEH v9 Video Training Course


DumpSec: This is available from and can be used as a means to reveal the users, groups, printers, and other information from a targeted system.

SuperScan: This tool can be found at and is useful mostly for performing certain steps during the enumeration phase. However, this tool is at heart a port scanner as well.

Netcat: This is a multipurpose tool that can be used to perform enumeration. You can obtain it as

Cryptcat: It’s the same as Netcat except it offers encryption capabilities that Netcat can’t. it’s useful when trying to avoid sniffing or detection by an IDS and can be obtained at .

TCPView: This is used to view connections to and from a given system and can be obtained at

Sysinternals Suite: This collection of tools can be obtained at

NirSoft Suite: This collection of various useful tools and utilities can be obtained at

Download: Bug Bounty Web Hacking Complete Video Training

Password-Cracking Tools:

L0phtCrack: This tool can be obtained from

Ophcrack: You can obtain this tool from

John the Ripper: Find this tool at

Trinity Rescue Kit: Here’s another multipurpose tool that is useful for performing password resets on a local computer. It can be downloaded from

Medusa: This is an old password cracker from, but it still may work when other crackers fail.

RainbowCrack: Available at, it cracks hashes with rainbow tables.

Brutus: Available at, this is an old but still somewhat effective web application password cracker.

Download: Web Hacking & Security Basic to Advanced Video Training Course


Wireshark: Available at, this is the most popular packet sniffer in the IT industry. It’s fully customizable packet sniffers with plenty of documentation can help both online and in print. Wireshark boasts cross-platform support and consistency across platforms.

Tcpdump: Available at, this is a popular command-line sniffer available for both the Unix and Linux platforms.

Windump: Available at, this is a version of a tcpdump but ported to the Windows platform.

Cain & Able: Available at, this multipurpose tool includes basic sniffing capabilities among other functions designed to recover passwords.

Kismet (for Wireless): Available at, this is a popular wireless sniffing and detection tool designed for the Linux operating system.

Ntop: Available at, this is a high-speed sniffer designed for Unix systems.

NetworkMiner: Available at, this network sniffer is capable of capturing traffic and doing analysis but also is capable of performing forensically accepted analysis.

Download: CEH v9 2000+ Tools & PDFs

Wireless Tools:

Kismet: Available at, this is a popular wireless sniffing and detection tool designed for the linux operating system.

inSSIDer: Available at, this is a network detection and location tool.

Reaver: Available at, this tool is used to perform brute-force attacks against WPS-enabled routers.

Netstumbler (Old but Useful on 32-bit Systems): This offering from works much like MetaGeek’s offering but is not as feature rich.

Bluesnarfer: You can obtain this tool from the repositories of any linux distribution.

Aircrack-ng: Available at, this is a suite of tools used to target and access wireless networks.

Download: Unrevealed Secret DoS Commands

Logging and Event-Viewing Tools:

LogParserLizard: Available at, this tool is used to analyze log files and allows for the creation of queries to reveal events from Event Viewer and other logs such as IIS and FTP.

NOTE: I want to point out that if you use Kali Linux 2.0, which was released on August 11,2015, the product includes a full suite of tools to do all of the tasks we covered in this blog as well as others we haven’t covered.

If you are going to use Kali Linux, I highly recommend that you update your distribution regularly.

Related Articles

One Comment

Leave a Reply

Back to top button