List of Tools featured in CEH iLabs by Hacking Phases

According to some people who have taken the Certified Ethical Hacker (CEH) Practical exam, most of the scenarios are based on exercises presented in CEH iLabs, which are included in the official CEH iLearn course. So for CEH Practical exam candidates, it is important to know and be able to handle all the tools featured in these labs.

This post is not meant to be just a plain list of all the tools as they appear in the course; I have tried to organize them according to the phase of hacking where they belong. The phases of hacking, according to CEH, are:

  1. Reconnaissance
  2. Scanning
  3. Gaining access
  4. Maintaining access
  5. Clearing tracks

Nevertheless, some exercises fall outside all of these phases. That is the case for DoS attacks and defensive actions; these are listed separately from the others.

This post aims to be a guide so that, when a hacking challenge is presented during the CEH exam, the candidate has a list of available tools to complete it. It is also meant to be useful for checking the candidate's readiness before the exam.

CEH tools by attack/defense phase

Penetration Attack Phases

In a penetration attack, or standard hacking attack, the aim is to control the target computer.

  1. Reconnaissance

    1. Ping a target

      1. ping (Windows command)
    2. Calculate TTL

      1. tracert (Windows command)

    3. Network Mapping

      1. Path Analyzer Pro (Windows app)

    4. Web Mirroring

      1. HTTrack (Windows app)
      2. Social Engineering Tool (SET) (Linux command line)
  2. Scanning

    1. Sniffing / Packet Capture
      1. Wireshark (Windows, Linux app)

      Traffic Analyzer

      1. Capsa Network Analyzer (Windows)
    2. Network Scanning
      1. MegaPing (Windows app)
      2. NetScanTools Pro (Windows app)
      3. Solar Network Topology Mapper (Windows app)
      4. Angry IP Scanner (Windows app)
      5. Global Network Inventory (Windows app)
      6. Softperfect Network Scanner (Windows app)
      7. Metasploit > nmap (Linux command line)
      8. Metasploit > smb_versions (Linux command line)
    3. Packet Crafting / Port Scanning
      1. nmap (Linux command)
      2. Zenmap (Windows app; GUI for nmap)
      3. hping3 (Linux command)
      4. ping (Windows command)
      5. ping (Ubuntu command)
      6. Colasoft Packet Builder (Windows app)
      7. IP-Tools (Windows app)
    4. NetBIOS Enumeration
      1. Advanced IP Scanner (Windows app)
      2. SuperScan (Windows app)
      3. NetBIOS Enumerator (Windows app)
      4. nbtstat (Windows command)
    5. SNMP Enumeration
      1. nmap
      2. Metasploit
    6. LDAP Enumeration
      1. ADExplorer (Windows app)
    7. Host Characteristics Enumeration
      1. enum4linux (Linux command)
    8. Host Resources Enumeration
      1. Hyena (Windows app)
    9. Vulnerability Scanning
      1. Nessus (Windows app)
      2. Nikto (Linux app)
    10. WebServer Vulnerability Scanner
      1. N-Stalker Tool (M15e02)
      2. Acunetix Website Vulnerability Server (WVS) (M14e05)
      3. Vega (M14e04)
    11. Webserver footprinting
      1. Netcat / nc (Linux command line)
      2. Skipfish (Linux command line)
      3. Uniscan (Linux command line)
      4. httprecon (Windows app)
      5. ID Serve (Windows app)
    12. Find hidden content in web servers
      1. OWASP dirbuster (Linux app)
  3. Gaining Access

    1. Bypass firewall
      1. nmap -sI (zombie attack) (Linux)
      2. HTTHost / HTTPort
    2. Dump Windows hash tables
      1. wmic (Windows command line)
      2. PwDump7 (Windows app)
      3. metasploit > post/windows/gather/smart_hashdump (Linux command line)

      Get dump hashes from LLMNR-NBTNS

      1. responder (Linux command line)
    3. Generate rainbow tables
      1. Winrtgen (Windows app)
    4. Crack Windows hash tables
      1. john (Linux command line) (in combination with responder hashes)
      2. ophcrack (Windows app) (in combination with PwDump7 hashes and tables made with another program)

      Compare rainbow tables with hashes

      1. RainbowCrack (Windows app)
    5. Control from command line shell
      1. metasploit > reverse_tcp
    6. Backdoor Creator
      1. msfvenom (Linux command line) (controlled by metasploit > reverse_tcp)
      2. TheFatRat (Linux command line) (controlled by metasploit > reverse_tcp)
      3. HTTP RAT (Windows app) (controlled by HTTP RAT server)
      4. MoSucker (Windows app)
      5. njRAT Builder (Windows app) (controlled by njRAT Manager)
      6. SwayzCryptor (Windows app) (controlled by njRAT Manager)
      7. ProRat (Windows)
      8. Theef Server (Windows app) (controlled by Theef Client)
    7. RAT
      1. metasploit > reverse_tcp and TightVNC
      2. HTTP RAT
      3. MoSucker
      4. njRAT
      5. ProRat
      6. Theef Client
    8. Worm Maker
      1. Internet Worm Maker Thing (Windows)
    9. Create user
      1. net (Windows command line)
    10. Spoof MAC Address / ARP Poisoning
      1. SMAC (Windows app)
      2. Cain & Abel (Windows app)
    11. Session Hijacking Proxies to intercept or alter data/cookie
      1. Burp proxy (Linux app)
      2. OWASP Zed Attack Proxy (ZAP)
    12. FTP Password cracking
      1. Hydra
    13. Web Server Attack
      1. Armitage (Linux, app) (GUI for metasploit)
    14. Social Engineering
      1. Social Engineering Tool (SET) (Linux command line)
    15. Get WordPress Usernames
      1. WPScan (Linux command line)
    16. Crack WordPress Passwords
      1. metasploit > wordpress_login_enum
    17. SQL Injection Attack
      1. SQLMap (Linux command line) (M14e06)
      2. blast
    18. Dump Wireless data
      1. airodump-ng (Linux command line)
    19. Crack wireless
      1. aircrack-ng (Linux command line)
  4. Maintaining Access

    1. Privilege Escalation
      1. metasploit > bypassuac_fodhelper
    2. SpyWare
      1. Spytech SpyAgent
      2. SpyWare
    3. Bypass password rules
      1. HTTHost (Windows app)
      2. netsh (Windows command line)
  5. Clearing Tracks

    1. Hide files
      1. NTFS streams (Windows command line)
    2. Steganography
      1. snow (Windows app)
      2. OpenStego (Windows app)
      3. QuickStego (Windows app)
    3. Covert channels
      1. covert_tcp (Linux command line)
    4. Modify Windows audit policy
      1. auditpol (Windows command line)
    5. Logs
    6. Registry values

Denial of Service

Denial-of-Service (DoS) is a type of attack that differs from the standard hacking attack, where the aim is to control the target system. In the case of DoS, the objective is to impact the availability of a system.

The reconnaissance and scanning phases described under Penetration Attack Phases also apply to a DoS attack.

  1. Reconnaissance
  2. Scanning
  3. DoS Attack
    1. SYN flood
      1. metasploit > auxiliary/dos/tcp/synflood (Linux command) M10e01
      2. hping3 (Linux command), with --flood parameter
    2. Other
      1. High Orbit Ion Cannon (HOIC) (Windows app)

Information Security Aspects

This section covers the defensive tools seen in CEH.

Audit System Passwords

L0phtCrack (Windows)

Static Malware Analysis

IDA Disassembler


Detect ARP Attacks

Wireshark (M08e05)

XARP Tool (M08e06)

Dynamic Malware Analysis / Detecting Trojans in your computer

TCPView (Windows app)

autoruns (Windows app)

CurrPorts (Windows app)

Startup program Monitoring


Antivirus and antimalware

Windows Defender

jv16 PowerTools (Windows app)

ClamWin Antivirus

Windows Registry Monitoring


Intrusion Detection System (IDS)



HoneyBOT (Windows)


Windows Firewall

Windows command netsh

Server Configuration

Internet Information Services (IIS) / inetmgr (Windows)

Calculate hash


MD5 Calculator

Text/file encryptor

Cryptoforge (Windows app)

BCTextEncoder (Windows app)

CrypTool  (Windows app)

Disk Encryption

VeraCrypt (Windows app)

Top apps

The top 5 applications that you need to master for the CEH Practical exam, as they are among the most used, are the following:

  1. nmap / Zenmap
  2. Wireshark
  3. Burp Suite
  4. Cain
  5. metasploit (it is very present in iLabs exercises, but I am not sure if it is requested during the exam)
