Sunday, 30 August 2020

Top 10 Most Popular Ethical Hacking Tools (2019 Ranking)

     Top 10 powerful Hacking  Tools in 2019.       

If hacking is performed to identify the potential threats to a computer or network then it will be an ethical hacking.

Ethical hacking is also called penetration testing, intrusion testing, and red teaming.

Hacking is the process of gaining access to a computer system with the intention of fraud, data stealing, and privacy invasion etc., by identifying its weaknesses.

Ethical Hackers:

A person who performs the hacking activities is called a hacker.

There are six types of hackers:

  • The Ethical Hacker (White hat)
  • Cracker
  • Grey hat
  • Script kiddies
  • Hacktivist
  • Phreaker

A security professional who uses his/her hacking skills for defensive purposes is called an ethical hacker. To strengthen the security, ethical hackers use their skills to find vulnerabilities, document them, and suggest the ways to rectify them.

Companies that provide online services or those which are connected to the internet, must perform penetration testing by ethical hackers. Penetration testing is another name of ethical hacking. It can be performed manually or through an automation tool.

Ethical hackers work as an information security expert. They try to break the security of a computer system, network, or applications. They identify the weak points and based on that, they give advice or suggestions to strengthen the security.

Programming languages that are used for hacking include PHP, SQL, Python, Ruby, Bash, Perl, C, C++, Java, VBScript, Visual Basic, C Sharp, JavaScript, and HTML.

Few Hacking Certifications include:

  1. CEH
  2. GIAC
  3. OSCP
  4. CREST

Let's Explore!!

#1) Nmap

Nmap

Price: Free

Description:

Nmap is a security scanner, port scanner, as well as a network exploration tool. It is an open source software and is available for free.

It supports cross-platform. It can be used for network inventory, managing service upgrade schedules, and for monitoring host & service uptime. It can work for a single host as well as large networks. It provides binary packages for Linux, Windows, and Mac OS X.

Features: 

  • Nmap suite has:
    • Data transfer, redirection, and debugging tool(Ncat),
    • Scan results comparing utility(Ndiff),
    • Packet generation and response analysis tool (Nping),
    • GUI and Results viewer (Nping)
  • Using raw IP packets it can determine:
    • The available hosts on the network.
    • Their services offered by these available hosts.
    • Their OS.
    • Packet filters they are using.
    • And many other characteristics.

Best for: Nmap is best for scanning network. It is easy to use and fast as well.

Website: Nmap

******************

#2) Netsparker

Netsparker Vulnerability-Assessments-and-Penetration-Tests

Netsparker is a dead accurate ethical hacking tool, that mimics a hacker's moves to identify vulnerabilities such as SQL Injection and Cross-site Scripting in web applications and web APIs. 
 
Netsparker uniquely verifies the identified vulnerabilities proving they are real and not false positives, so you do not need to waste hours manually verifying the identified vulnerabilities once a scan is finished.
 
It is available as a Windows software and an online service.

******************

#3) Acunetix 

Acunetix Dashboard

Acunetix is a fully automated ethical hacking tool that detects and reports on over 4500 web application vulnerabilities including all variants of SQL Injection and XSS.

The Acunetix crawler fully supports HTML5 and JavaScript and Single-page applications, allowing auditing of complex, authenticated applications.

It bakes in advanced Vulnerability Management features right-into its core, prioritizing risks based on data through a single, consolidated view, and integrating the scanner's results into other tools and platforms.

=> Visit Acunetix Official Website

******************

#4) Metasploit

Metasploit

Price: Metasploit Framework is an open source tool and it can be downloaded for free. Metasploit Pro is a commercial product. Its free trial is available for 14 days. Contact the company to know more about its pricing details.

Description:


It is the software for penetration testing. Using Metasploit Framework, you can develop and execute exploit code against a remote machine. It supports cross-platform.

Features: 

  • It is useful for knowing about security vulnerabilities.
  • Helps in penetration testing.
  • Helps in IDS signature development.
  • You can create security testing tools.

Best For Building anti-forensic and evasion tools.

Website: Metasploit

#5) Aircrack-Ng

aircrack-ng

Price: Free

Description:

Aircrack-ng provides different tools for evaluating Wi-Fi network security.

All are command line tools. For Wi-Fi security, it focuses on monitoring, attacking, testing, and cracking. It supports Linux, Windows, OS X, Free BSD, NetBSD, OpenBSD, Solaris, and eComStation 2.

Features:


  • Aircrack-ng can focus on Replay attacks, de-authentication, fake access points, and others.
  • It supports exporting data to text files.
  • It can check Wi-Fi cards and driver capabilities.
  • It can crack WEP keys and for that, it makes use of FMS attack, PTW attack, and dictionary attacks.
  • It can crack WPA2-PSK and for that, it makes use of dictionary attacks.

Best For: Supports any wireless network interface controller.

Website: Aircrack-Ng

#6) Wireshark

Wireshark

Price: Free

Description:

Wireshark is a packet analyzer and can perform deep inspection of many protocols.

It supports cross-platform. It allows you to export the output to different file formats like XML, PostScript, CSV, and Plaintext. It provides the facility to apply coloring rules to packet list so that analysis will be easier and quicker. The above image will show the capturing of packets.

Features:

  • It can decompress the gzip files on the fly.
  • It can decrypt many protocols like IPsec, ISAKMP, and SSL/TLS etc.
  • It can perform live capture and offline analysis.
  • It allows you to browse the captured network data using GUI or TTY-mode TShark utility.

Best For: Analyzing data packets.

Website: Wireshark

#7) Ettercap

Ettercap

Price: Free.

Description:

Ettercap supports cross-platform. Using Ettercap's API, you can create custom plugins. Even with the proxy connection, it can do sniffing of HTTP SSL secured data.

Features:

  • Sniffing of live connections.
  • Content filtering.
  • Active and passive dissection of many protocols.
  • Network and host analysis.

Best For: It allows you to create custom plugins.

Website: Ettercap

#8) Maltego

Maltego

Price: The Community version, Maltego CE is available for free. Price for Maltego Classic is $999. Price for Maltego XL is $1999. These two products are for the desktop. Price for the server products like CTAS, ITDS, and Comms starts at $40000, which includes training as well.

Description:

Maltego is a tool for link analysis and data mining. It supports Windows, Linux, and Mac OS.

For the discovery of data from open sources and visualizing the information in graphical format, it provides the library of transforms. It performs real-time data-mining and information gathering.

Features:

  • Represents the data on node-based graph patterns.
  • Maltego XL can work with large graphs.
  • It will provide you the graphical picture, thereby telling you about the weak points and abnormalities of the network.

Best For: It can work with very large graphs.

Website: Maltego

#9) Nikto

Nikto

Price: Free

Description:

Nikto is an open source tool for scanning the web server.

It scans the web server for dangerous files, outdated versions, and particular version related problems. It saves the report in a text file, XML, HTML, NBE, and CSV file formats. Nikto can be used on the system which supports basic Perl installation. It can be used on Windows, Mac, Linux, and UNIX systems.

Features:

  • It can check web servers for over 6700 potentially dangerous files.
  • It has full HTTP proxy support.
  • Using Headers, favicons, and files, it can identify the installed software.
  • It can scan the server for outdated server components.

Best For: As a Penetration Testing tool.

Website: Nikto

#10) Burp Suite

BurpSuite

Price: It has three pricing plans. Community edition can be downloaded for free. Pricing for Enterprise edition starts at $3999 per year. Price of the Professional edition starts at $399 per user per year.

Description:

Burp Suite has a web vulnerability scanner and has advanced and essential manual tools.

It provides many features for web application security. It has three editions, community, enterprise, and professional. With community editions, it provides essential manual tools. With the paid versions it provides more features like Web vulnerabilities scanner.

Features:

  • It allows you to schedule and repeats the scan.
  • It scans for 100 generic vulnerabilities.
  • It uses out-of-band techniques (OAST).
  • It provides detailed custom advisory for the reported vulnerabilities.
  • It provides CI Integration.

Best For: Security testing.

Website: Burp Suite

#11) John The Ripper

John-the-Ripper

Price: Free

Description:

John the Ripper is a tool for password cracking. It can be used on Windows, DOS, and Open VMS. It is an open source tool. It is created for detecting weak UNIX passwords.

Features:

  • John the Ripper can be used to test various encrypted passwords.
  • It performs dictionary attacks.
  • It provides various password crackers in one package.
  • It provides a customizable cracker.

Best For: It is fast in password cracking.

Website:  John the Ripper

#12) Angry IP Scanner

AngryIPScanner

Price: Free

Description:

Angry IP Scanner is a tool for scanning the IP addresses and ports. It can scan both on local network and Internet. It supports Windows, Mac, and Linux operating systems.

Features:

  • It can export the result in many formats.
  • It is a command-line interface tool.
  • It is extensible with many data fetchers.

Website:  Angry IP Scanner

Conclusion

As explained here, Nmap is used for computer security and network management. It is good for scanning the network. Metasploit is also for security and is good for building anti-forensic and evasion tools.

Aircrack-Ng is a free packet sniffer & injector and supports cross-platform. Wireshark is a packet analyzer and is good in analyzing data packets. As per the reviews available online, people recommend using Nmap instead of Angry IP scanner as Angry IP Scanner comes with unwanted applications.

John the Ripper is fast in password cracking. Nikto is a good open source tool for penetration testing. Maltego presents the data in a graphical form and will give you information about weak points and abnormalities.

This was all about the ethical hacking and the top ethical hacking tools. Hope you will find this article to be much useful!!

@EVERYTHING NT

Related word


  1. Hacking Tools Software
  2. Pentest Tools Kali Linux
  3. Hack Tools For Windows
  4. Hacking Tools 2019
  5. Hack Tools Download
  6. Hack Tools
  7. Hack Tools Mac
  8. Hacker Tools For Mac
  9. Hacker Tools Linux
  10. Hacker Hardware Tools
  11. Hack Tools
  12. Hack Tools For Pc
  13. Hacker Tools
  14. Hacker Tools Free Download
  15. Hacker Tools Hardware
  16. Hacking Tools Software
  17. Pentest Box Tools Download
  18. Hacker Tools Free
  19. Hacker Tools For Ios
  20. Nsa Hack Tools Download
  21. Pentest Tools Nmap
  22. Termux Hacking Tools 2019
  23. Github Hacking Tools
  24. Computer Hacker
  25. Hacking Tools For Pc
  26. Black Hat Hacker Tools
  27. Hacking Tools For Windows 7
  28. What Is Hacking Tools
  29. Hacker Tools For Ios
  30. Hack Tools For Mac
  31. Bluetooth Hacking Tools Kali
  32. Pentest Tools Android
  33. Pentest Tools For Android
  34. Hacking Tools Github
  35. Kik Hack Tools
  36. Hacking Tools For Games
  37. Hack Tools Download
  38. Hacker Tools Online
  39. New Hacker Tools
  40. Hacker Tools List
  41. New Hack Tools
  42. Hacks And Tools
  43. Physical Pentest Tools
  44. Pentest Tools Review
  45. Pentest Tools Windows
  46. Beginner Hacker Tools
  47. Pentest Tools Free
  48. Underground Hacker Sites
  49. Pentest Tools Framework
  50. Hack Tools Mac
  51. Hacking Tools For Windows 7
  52. How To Make Hacking Tools
  53. Hacker Tools List
  54. Hack Tools Mac
  55. Github Hacking Tools
  56. Pentest Tools Github
  57. Hack Tools For Games
  58. How To Hack
  59. Hacker Tool Kit
  60. Hacking Tools For Mac
  61. Hacker Tools Windows
  62. Hacking Tools 2020
  63. Hack Tools 2019
  64. Wifi Hacker Tools For Windows
  65. Hacker Tools Free Download
  66. Hacker Hardware Tools
  67. Kik Hack Tools
  68. Hacking Tools Software
  69. Hacker Tools Free Download
  70. Hacker Tools For Pc
  71. Blackhat Hacker Tools
  72. Pentest Tools For Ubuntu
  73. Pentest Tools Apk
  74. Hacker Tools
  75. Beginner Hacker Tools
  76. How To Install Pentest Tools In Ubuntu
  77. Beginner Hacker Tools
  78. Wifi Hacker Tools For Windows
  79. Pentest Tools Online
  80. Hacker Tools Free
  81. Hacker Tools For Windows
  82. Pentest Box Tools Download
  83. Hacking Tools Mac
  84. Hacking Tools 2020
  85. Hack Tools Pc
  86. Hacking Tools Hardware
  87. Pentest Tools Review
  88. What Are Hacking Tools
  89. Pentest Tools For Ubuntu
  90. Hacker Tools List
  91. Pentest Tools List
  92. Hacking Tools Software
  93. Tools Used For Hacking
  94. Pentest Recon Tools
  95. Hacker Security Tools
  96. Hacking Tools Software
  97. Hacker Tools Software
  98. Hacking Tools For Beginners
  99. Hacking Tools For Kali Linux
  100. Hacking Tools Free Download
  101. Pentest Tools Open Source
  102. Hack Website Online Tool
Read More :- "Top 10 Most Popular Ethical Hacking Tools (2019 Ranking)"

PHASES OF HACKING

What is the process of hacking or phases of hacking?
Hacking is broken up into six phases:The more you get close to all phases,the more stealth will be your attack.

1-Reconnaissance-This is the primary phase of hacking where hacker tries to collect as much as information as possible about the target.It includes identifying the target,domain name registration records of the target, mail server records,DNS records.The tools that are widely used in the process is NMAP,Hping,Maltego, and Google Dorks.

2-Scanning-This makes up the base of hacking! This is where planning for attack actually begins! The tools used in this process are Nessus,Nexpose,and NMAP. After reconnaissance the attacker scans the target for services running,open ports,firewall detection,finding out vulnerabilities,operating system detection.

3-Gaining Access-In this process the attacker executes the attack based on vulnerabilities which were identified during scanning!  After the successful, he get access to the target network or enter in to the system.The primary tools that is used in this process is Metasploit.

4-Maintaining Access-It is the process where the hacker has already gained access in to a system. After gaining access the hacker, the hacker installs some backdoors in order to enter in to the system when he needs access in this owned system in future. Metasploit is the preffered toll in this process.

5-Clearning track or Covering track-To avoid getting traced and caught,hacker clears all the tracks by clearing all kinds of logs and deleted the uploaded backdoor and anything in this process related stuff which may later reflect his presence!

6-Reporting-Reporting is the last step of finishing the ethical hacking process.Here the Ethical Hacker compiles a report with his findings and the job that was done such as the tools used,the success rate,vulnerabilities found,and the exploit process.
Related posts

  1. Hack Tools For Windows
  2. Pentest Tools Linux
  3. Hacking Tools For Kali Linux
  4. Pentest Tools Website Vulnerability
  5. Hackers Toolbox
  6. Hack Tools Pc
  7. Best Hacking Tools 2020
  8. World No 1 Hacker Software
  9. Hacking Tools Free Download
  10. Hacker Tools Mac
  11. Pentest Tools For Windows
  12. Pentest Tools Framework
  13. Pentest Tools Port Scanner
  14. Hacker Search Tools
  15. Hacking Tools Windows
  16. Hack Tools
  17. Pentest Tools Subdomain
  18. Pentest Tools Port Scanner
  19. Hacking Tools For Windows
  20. Hacks And Tools
  21. Growth Hacker Tools
  22. Pentest Tools Linux
  23. Hacker Tools Hardware
  24. Hacking Tools Windows 10
  25. Hack Tools For Pc
  26. Pentest Tools For Android
  27. Top Pentest Tools
  28. Pentest Tools Linux
  29. Hacking Tools Windows
  30. Hacker Tools 2019
  31. Best Hacking Tools 2020
  32. Tools Used For Hacking
  33. Hacker Tools
  34. Hacker Tools Software
  35. Hacking Tools For Windows 7
  36. Free Pentest Tools For Windows
  37. Pentest Tools For Mac
  38. Hack Tools For Ubuntu
  39. Hacker Tools Github
  40. Hacking Tools Software
  41. Hacking Tools 2019
  42. Pentest Tools Linux
  43. Pentest Reporting Tools
  44. Hack Apps
  45. Github Hacking Tools
  46. Top Pentest Tools
  47. Pentest Reporting Tools
  48. Hack Tool Apk
  49. Hacker Tools For Ios
  50. How To Make Hacking Tools
  51. Pentest Tools Port Scanner
  52. Pentest Tools List
  53. Hacking Tools Kit
  54. Hack Rom Tools
  55. Hack Tools Online
  56. Pentest Box Tools Download
  57. New Hack Tools
  58. Hacker Tools Free Download
  59. Pentest Tools Tcp Port Scanner
  60. Hacking Tools Hardware
  61. Hacking Tools For Kali Linux
  62. Hacking Tools Download
  63. Underground Hacker Sites
  64. Hack Tools Download
  65. Kik Hack Tools
  66. Pentest Tools Online
  67. Hack And Tools
  68. Pentest Box Tools Download
  69. Hacking Tools 2020
  70. Hack Apps
  71. Install Pentest Tools Ubuntu
  72. Blackhat Hacker Tools
  73. Pentest Tools Find Subdomains
  74. Blackhat Hacker Tools
  75. Game Hacking
  76. Hacker Tools Github
  77. Hacking App
  78. Hacking Tools Windows
  79. Nsa Hack Tools
  80. Hacker Tools Windows
  81. Hack Website Online Tool
  82. Hacking Tools Windows 10
  83. Hack Tools For Windows
  84. Pentest Tools Website Vulnerability
  85. Growth Hacker Tools
  86. Hacking Tools Hardware
  87. Hacker Techniques Tools And Incident Handling
  88. Underground Hacker Sites
  89. Hacker Tools For Pc
  90. Physical Pentest Tools
  91. Pentest Tools Url Fuzzer
  92. Pentest Tools For Mac
  93. Pentest Box Tools Download
  94. Pentest Tools Open Source
  95. Hacking Tools And Software
  96. Hacker Tools Free
  97. Hack App
  98. Free Pentest Tools For Windows
  99. Hacker Tools For Pc
  100. Hacking Tools For Mac
  101. Hacker Tools For Mac
  102. Hacking Tools For Beginners
  103. Pentest Box Tools Download
  104. Tools For Hacker
  105. Hacker Tools Software
  106. Pentest Tools Online
  107. Pentest Tools Online
  108. Hacking Apps
  109. Pentest Tools Windows
  110. Hack Tools 2019
  111. Beginner Hacker Tools
  112. Hack Tools Download
  113. New Hack Tools
  114. Hacker Tools Windows
  115. Hacker Tools For Windows
  116. Hack Tools
  117. Game Hacking
  118. Pentest Tools Bluekeep
  119. Hack Tools Github
  120. Hacking Tools Download
  121. Usb Pentest Tools
  122. Hacking Tools For Mac
  123. Hacking Tools For Windows Free Download
  124. Wifi Hacker Tools For Windows
  125. Growth Hacker Tools
  126. Hack Rom Tools
  127. Hack Tools For Pc
  128. Hacking Tools Hardware
  129. Game Hacking
Read More :- "PHASES OF HACKING"

Smart Contract Hacking Chapter 1 - Solidity For Penetration Testers Part 1 (Hello World)

 

Note: We will start off our Smart Contract Hacking journey with some basic solidity programming in the first two weeks. After that we will ramp things up and get a little crazy deploying blockchains and liquidating funds from accounts. But since the purpose of this series is to share the information I have learned over the last two years.  I do not want to alienate those new to Smart Contracts and programming so we will take these first few weeks a bit slow. 

Also note the text was taken from a book I was / am writing, I retrofitted it for this blog, and placed videos where screenshots may otherwise exist. If something seems off.. Just DM me on twitter and I will update it anything I might have missed during editing, but I tried to edit it as best as possible to meet this format rather then a book. 

Cheers  @Fiction 

http://cclabs.io

Thanks to @GarrGhar for helping me edit/sanity check info for each of the chapters. 


About Solidity

The solidity programming language is the language used to write smart contracts on the Ethereum blockchain. As of my initial writing of this chapter the current compiler version was 0.6.6. However, the versions change rapidly. For example, when I started coding in solidity 2 years ago, solidity was in version 4 and now its version 7 with major library and coding stylistic requirement updates in version 5. 

So, note that when compiling your code for labs its best to use the version sited in that particular example. This is easily achieved in the online compilers, by selecting the compiler version from the dropdown menu. If you would like to give yourself a small challenge, use the latest compiler version and try to modify the code to work with it. Usually this just requires a few minor modifications and can be a good learning experience under the hood of how Solidity works and what has changed.

Solidity is very similar to writing JavaScript and is fully object oriented. In the intro chapters we will attempt to provide a quick overview of solidity understanding needed for a penetration tester. This will not be full guide to programming, as programming is considered to be a pre-requisite to application hacking. Instead this chapter will be a gentle introduction of needed concepts you will use throughout this book. Solidity is also a needed pre-requisite for understanding the rest of the information and its associated exploitation course. 

However, as long as you understand general programming concepts then you should have no trouble understanding solidity. It is a relatively easy language to get up and running with quickly in comparison to more mature languages like C++ and Java which may take a more significant amount of time to learn.

The most important thing to understand with solidity is that unlike traditional languages, solidity handles transactions of monetary value by default. Meaning you don't need to attach to a payment API to add transactions to your applications. Payment functionality is baked into the language as its primary purpose and for usage with the Ethereum blockchain.  All that's needed for financial transactions in solidity is a standard library transfer function, and you can easily send value to anyone's public address. 

For example, the following simple function will transfer a specified amount of Ether to the user calling the function provided they have a large enough balance to allow the transfer. But lets not dive into that just yet. 

 

1.  function withdraw (uint amount) {
2.     require (amount <= balances[msg.sender]);
3.     msg.sender.transfer(amount);
4.  }

 

Structure of a Smart Contract

Rather than discuss payments at this point, let's not jump to far ahead of ourselves. We need to understand the structure of a smart contract. Let's take a look at a Hello World example. We will analyze all of the key aspects that make solidity different then other languages you may currently understand.

You can easily follow along with this on http://remix.ethereum.org which is a free online IDE and compiler for coding in solidity. A full video walk through of Remix is included later on in this chapter.  Remix contains in-browser compilers and virtual environments that emulate block creation and allow you to send and receive transactions.  This is a powerful development tool and absolutely free to use. 

Below is the simple code example we will analyze before moving on to a live walk through. 

1.  pragma solidity 0.6.6; 
2.   
3.  contract HelloWorld {
4.           
5.     constructor () public payable {
6.           //This is a comment
7.           //You can put your configuration information here
8.     }
9.   
10.   function hello () public pure returns (string memory) {
11.                  return "Hello World";
12.         }
13.}

 

There is a lot going on in this small program so I will try to break it down as simple as possible. In the first line, we have the pragma statement which is required at the top of each program to let the compiler know which version of solidity this code was written for.  As I said earlier, these versions change rapidly due to the evolving technology and many changes are implemented into each new version. So, the compiler needs to know which version you intended this to run on.

On line 3 is the word "contract" followed by whatever name you wish to call your contract. The contract's functionality is then enclosed in curly braces. This is similar to creating a class in any other language. It's a block of associated code that can be inherited, or interfaced with and contains its own variables and methods.

On line 5 contained within the contract curly braces we have a constructor denoted by the word "constructor".  The constructor is run one time at contract creation and used to setup any variables or details of the smart contract. This is often used for creating an administrator of the contract or other items that are needed prior to contract usage. 

Functions and variables within Solidity also have various types and visibility set with their creation.  In this case also on line 5 you will see the words "public" and "payable" used to describe the constructor. 

Public you may be familiar with as it's a common visibility keyword used in other languages denoting that anyone can call this function. There are other visibility types in Solidity listed below, we will cover each of these in more detail as we use them to our advantage when hacking smart contracts:

 

Public

This allows anyone to call and use this function

 

Private

This allows only the current contract and its functions to call it directly.

 

Internal

This is similar to private except it also allows derived contracts to use its functionality

 

External

External can only be called externally by other contracts unless the "this" keyword is used with the function call.

 

The second keyword in the constructor definition "payable" you may not be familiar with unless you have worked on blockchain projects. The word payable within solidity is needed on any item that can receive Ether. So, by setting the constructor as payable we can send a base amount of Ether to the contract when its deployed. This will add an initial monetary liquidity for whatever functionality the contract is providing. For example, if this were a gambling game, we would need some initial Ethereum to payout our winners before our revenues catch up with our payouts and we start collecting large sums of failed gambling revenue. 

Within the constructor is an example of how comments are handled in solidity, the simple double forward slash is used like in most languages. Comments function in the same way as any other language in that they are not processed and they are ignored by the compiler but are useful for understanding the code you wrote later after you have taking time apart from reading your code.

Finally, we have our simple hello function starting on line 10. Again, there is a lot going on here. First is the name of the function with parentheses that can contain arguments like in any other language. However, this function does not take arguments.

You will notice two more keywords in the function definition "pure" and "returns". Returns is simply the way the function denotes that it will return a value to the user, which it then states directly after it what type of variable it returns. In this case, it returns a string in memory.  We will talk about memory and storage later on and the security implications of them.

Next is the word "Pure" there are a couple types of functions in Solidity which will list below with a brief description.


View

This type of function does not modify or change the state of the contract but may return values and use global variables.

Pure

A pure function is a function which is completely self-contained in that it only uses local variables and it does not change the state of the smart contract.


Finally, in line 11 we return our string to the user who called the function. In the context of a user, this could be a physical user using an application or smart contract functionality or it could actually be another smart contract calling the function.

 

Hands on Lab – Remix HelloWorld

Now that we talked over in detail all the new concepts to solidity programs using a small example, lets compile and run this code on remix.ethereum.org.

Action Steps:

ü Browse to remix.etherum.org
ü Type out the the code from above (Do not copy Paste it)
ü Compile and deploy the code
ü Review the transaction in the log window

 

Intro to the Remix Development Environment Video


In Remix create a new file and type out the example helloworld code.  I would suggest that you actually type out all of the examples in this book. They will not be exhaustive or long and will provide you great value and make you comfortable when it comes to writing your own exploits and using the compilers and tools. These are all essential tools to your understanding.

Within your remix environment, you will want to select the compiler version 0.6.6 to ensure that this code runs correctly. If you typed out the code correctly you should not receive any errors and you will be able to deploy and interact with it. In the following video we will walk you through that process and explain some nuances of solidity. 


Explaining and Compiling HelloWorld Video: 




     

    Lets now quickly review a few key points about the transaction that you saw within the video when compiling your code. This transaction is shown below. 

    __________________________________________________________________________________

    call to HelloWorld.hello

    CALL

    from      0xBF8B5A94eD4dFB45089b455B1A0e296D6669c625

     to           HelloWorld.hello() 0xADe285e11e0B9eE35167d1E25C3605Eba1778C86

     transaction cost               21863 gas (Cost only applies when called by a contract)

                                             execution cost 591 gas (Cost only applies when called by a contract)

     hash     0x14557f9552d454ca865deb422ebb50a853735b57efaebcfc9c9abe57ba1836ed

     input    0x19f...f1d21

     decoded input {}

     decoded output               {

                    "0": "string: Hello World"

    }

     logs       []

    _________________________________________________________________________________

     

    The output above is a hello transaction which contains the relevant data retrieved when you executed the hello function in the video. The first important thing to notice is the word "CALL". In solidity there are call and send transactions. The difference between the two is whether they change the state of the blockchain or not. In this case we did not change the state, we only retrieved information so a CALL was issued.  If we were changing variables and sending values then a SEND transaction would have been issued instead.

    Next you will see the "From" address which should correspond with the address you used to call the transaction.  The "To" field should be the address the smart contract was given when you deployed the smart contract. You can view this on your deployment screen next to the deployed contract name by hitting the copy button and pasting it somewhere to see the full value.

    You will then see the costs and gas associated with the transaction. Costs change based on the size of the contracts and the assembly code created by the compiler. Each instruction has a cost. We will cover that later when we do a bit of debugging and decompiling. 

    Finally take note of the Decoded Output which contains the return string of "Hello World".

     

    Summary

    If you are new to solidity or new to programming in general this might have been a lot of information.  In the next chapter we cover a few more key solidity concepts before moving on to exploiting vulnerabilities where a much more in depth understanding of how solidity works and its security implications will be explored. For more solidity resources and full-length free tutorials check out the following references

      

    Homework:

    https://cryptozombies.io/en/course/

    Related posts


    1. Top Pentest Tools
    2. Hacker Search Tools
    3. Nsa Hacker Tools
    4. Pentest Tools Windows
    5. Hack Tools For Games
    6. Hack Tools For Pc
    7. Hacking Tools Hardware
    8. Top Pentest Tools
    9. Hack Tools Github
    10. Hacker Tools For Pc
    11. Pentest Reporting Tools
    12. Hacking Tools Kit
    13. Hacking Tools Download
    14. Hacking Tools Name
    15. Hacker Tool Kit
    16. Game Hacking
    17. Hack And Tools
    18. Hacking Tools For Windows Free Download
    19. Hacking Tools Download
    20. Physical Pentest Tools
    21. Hacker Techniques Tools And Incident Handling
    22. Hack Tools Mac
    23. Nsa Hacker Tools
    24. Hacker Tools Linux
    25. Hacking Tools And Software
    26. Pentest Recon Tools
    27. Hack Tools
    28. Hak5 Tools
    29. Tools For Hacker
    30. Bluetooth Hacking Tools Kali
    31. Usb Pentest Tools
    32. Game Hacking
    33. Pentest Tools For Android
    34. Hacking Tools For Mac
    35. Pentest Tools Framework
    36. Hacker Search Tools
    37. How To Make Hacking Tools
    38. Pentest Tools Review
    39. Kik Hack Tools
    40. Hacking Tools Windows 10
    41. Hacking Tools Windows 10
    42. Hacking Apps
    43. Easy Hack Tools
    44. Hacker Tools Apk Download
    45. Tools For Hacker
    46. Hacker Techniques Tools And Incident Handling
    47. Pentest Tools Url Fuzzer
    48. Hack App
    49. Hacker Tools Hardware
    50. Github Hacking Tools
    51. Best Hacking Tools 2020
    52. Underground Hacker Sites
    53. Hacker Tools Free Download
    54. Hack Tools For Windows
    55. Hacking Tools For Windows Free Download
    56. Hacker Techniques Tools And Incident Handling
    57. Pentest Tools Bluekeep
    58. Black Hat Hacker Tools
    59. Hack And Tools
    60. Hacks And Tools
    61. Hacking Tools Kit
    62. Pentest Tools Open Source
    63. Hacking Tools For Mac
    64. Hacker Tools For Pc
    65. Free Pentest Tools For Windows
    66. Pentest Tools Online
    67. Hacker Hardware Tools
    68. Pentest Tools Review
    69. Hacker Tools For Windows
    70. Hak5 Tools
    71. Pentest Tools Find Subdomains
    72. Hacker Tools
    73. Bluetooth Hacking Tools Kali
    74. Hacker Tools Linux
    75. Hack Tools For Ubuntu
    76. Hacking Tools For Windows
    77. Hacker Tools For Mac
    78. Top Pentest Tools
    79. Hak5 Tools
    80. New Hacker Tools
    81. Hacker Tools For Ios
    82. Hacking Tools Kit
    83. Pentest Tools For Ubuntu
    84. Hacker Tools Apk
    85. Hack Website Online Tool
    86. How To Install Pentest Tools In Ubuntu
    87. Pentest Tools For Windows
    88. Hack Rom Tools
    89. Hacking Apps
    90. Hacker Hardware Tools
    91. Pentest Tools For Android
    92. Hacking Tools Free Download
    93. Tools 4 Hack
    94. Hack Tools For Ubuntu
    95. Pentest Tools Find Subdomains
    96. Ethical Hacker Tools
    97. Tools Used For Hacking
    98. Hacking Tools For Mac
    99. Hacker Security Tools
    100. Hack App
    101. Pentest Recon Tools
    102. Free Pentest Tools For Windows
    103. Hacker Tools Mac
    104. Pentest Tools
    105. Hack Tools Download
    106. Hacker Tools Github
    107. Hack Tools For Windows
    108. How To Make Hacking Tools
    109. How To Hack
    110. Hacking Tools 2019
    111. Hacker Search Tools
    112. Underground Hacker Sites
    113. Hack Tools For Mac
    114. Hacking Tools Github
    115. Pentest Tools Website Vulnerability
    116. Physical Pentest Tools
    117. Top Pentest Tools
    118. Hacking Tools Kit
    119. World No 1 Hacker Software
    120. Game Hacking
    121. Hacking Tools For Windows Free Download
    122. Hack Tools For Games
    123. Hacker
    124. Tools 4 Hack
    125. World No 1 Hacker Software
    126. Hacking Tools For Mac
    127. Hacker Tools For Ios
    128. New Hacker Tools
    129. Hacker Tools 2020
    130. Hacking Tools For Pc
    131. Pentest Tools Url Fuzzer
    132. Pentest Tools Nmap
    133. How To Make Hacking Tools
    134. Hacker Tools For Windows
    135. Pentest Tools Online
    136. Hacker Tools Github
    137. Hack Tools For Windows
    138. Hacking Tools And Software
    139. Hacking Tools Name
    140. New Hacker Tools
    141. Easy Hack Tools
    142. Pentest Tools Linux
    143. Hacker Tools Software
    144. Pentest Tools Free
    145. Pentest Recon Tools
    146. Pentest Tools Nmap
    147. Pentest Reporting Tools
    148. Pentest Reporting Tools
    149. Tools Used For Hacking
    150. Hacking Tools Hardware
    151. Pentest Tools Website Vulnerability
    152. Hacker Tools For Windows
    153. What Is Hacking Tools
    154. World No 1 Hacker Software
    Read More :- "Smart Contract Hacking Chapter 1 - Solidity For Penetration Testers Part 1 (Hello World)"