A hacker is a person who uses computers to gain unauthorized access to data. There are many different types of hackers. There are white hat, grey hat, and black hat hackers. Some hackers are defined by their intention. For example, a hacker that attacks for political reasons may be known as a hacktivist. A white hat hacker has no criminal intent, but instead focuses on finding and fixing network vulnerabilities.

Often companies will hire a white hat hacker to test the security of their network for vulnerabilities. A grey hat hacker is someone who may have criminal intent, but not often for personal gain. Often a grey hat will seek to expose a network vulnerability without the permission from the owner of the network. A black hat hacker is purely criminal. Their sole objective is personal gain. Black hat hackers take advantage of network vulnerabilities however they can for maximum benefit. A cyber-criminal is another type of black hat hacker, who is motivated to attack for illegal financial gain. A more basic type of hacker is known as a script kiddie. A script kiddie is a person who knows how to use basic hacking tools, but doesn't understand how they work. They often lack the knowledge to launch any kind of real attack, but can still cause problems on a poorly protected network.

There are a range of many different hacking tools. A tool such as Nmap, for example, is a great tool for both reconnaissance and scanning for network vulnerabilities. Some tools are grouped together to make toolkits and frameworks, such as the Social Engineering Toolkit and Metasploit framework.

The Metasploit framework is one of the most versatile and best supported hacking tool frameworks available. Metasploit is built around a collection of highly effective modules, such as msfvenom, and it provides access to an extensive database of exploits and vulnerabilities. There are also physical hacking tools. Devices such as the Rubber Ducky and Wi-Fi Pineapple are good examples. The Rubber Ducky is a USB payload injector that automatically injects a malicious virus into the device it's plugged into.

The Wi-Fi Pineapple can act as a rogue router and it can be used to launch man-in-the-middle attacks. The Wi-Fi Pineapple also has a range of modules that allow it to execute multiple attack vectors. These types of tool are known as penetration testing equipment. We will explore these tools and others in more detail, later in the book.