Proactive IT Security
 

Hacker tool? Security application? Or both?

Evil eye

Introduction

Nmap (Network Mapper) is perhaps the most famous and widely used hacker tool in existence. Since its introduction in autumn 1997, this tool, written by Gordon Lyon under the pseudonym Fyodor, has helped numerous hackers gather valuable information about their targets. In fact, Fyodor himself admits that he is a hacker - the good kind.

This summer Nmap version 5 was released. According to Insecure.org, this is supposed to be "the most important Nmap release since 1997". 

However, this security article will not be a review of the latest version of Nmap.

Good or bad?

In the beginning Nmap and similar "hacker tools" were considered by most to be dangerous and "all bad". As time went by, this attitude changed. Instead of attempting to stop or ignore tools that the dark side of the Internet used, a more "know your enemy" approach was accepted, as the security community acknowledged the need to know the tools that their enemies were using.

Even more so - tools like Nmap have gradually become essential, invaluable instruments in the security expert's toolkit.

And this leads us to the intriguing paradox that the same tools are used both by the defenders of a system and by the attackers. Gradually, security experts came to use Nmap and similar programs not only to put themselves into the attackers' mind-set, but also as tools to gather information about the organization's infrastructure in an efficient manner. Unfortunately, it is a well-known fact that "clever" users in an organization may install software without the IT department's knowledge - software that turns out to be an unintentional security risk. Tools that many may view as mere hacker tools may help discover such software and thereby prove effective in tightening the organization's overall security.

Available on the Internet

Nmap is only one example of a useful security tool. On the Internet one may find a plethora of free as well as expensive security tools that may be useful for the intruder as well as the defender. A web search for the words security tool hacker returns over 18 million results. Using some of those tools may reveal information about an organization's Internet presence that comes as a scary surprise to those responsible for security in that organization.

One such tool - often overlooked - is Google. By using the more advanced search facilities in that search engine, one can find lots of information about an organization. Such information will often be useful for an intruder when she investigates how to succeed in attacking the organization. Relevant information in such contexts includes, for example, personnel to target for social engineering, programs running on computers accessible from the Internet, and so on.

Information is good

The discussion about developing and publishing tools that may be used by persons with malicious intent is somewhat similar to the continuously ongoing discussion about vulnerability disclosure, discussed for example in our security article from late 2002 (still relevant!). However, there seems to be a consensus that tools that may be used to gather information about an organization's weaknesses should be publicly available.

Ironically, quite a lot of the security tools that are developed and sold by security vendors are also extremely useful as hacker tools in the wrong hands. Obviously, a tool cannot be called a hacker tool merely because it is free, and a security tool only if it costs money. It is the way an application is used that decides whether it is for the good or the bad.

Trivia

Nmap has been used in several movies to illustrate the use of hacker tools. Some of the more famous are "The Matrix Reloaded", "Live Free or Die Hard" (Die Hard 4) and "The Bourne Ultimatum".