EH-Net

SO I watched that TV show on NATGEO tonight on the NSA: Inside the NSA.

One of the interesting things that one of the people said that "there is 68,000 hacking tools out there".

Do you think there is that many or was he exaggerating a bit?  Just wondering.

I've never heard a number put on how many tools there are.  I'm curious as to where they got that number, or how they came up with it.  Not sure how'd they come up with a number like that either.  Or if they account for custom tools people make and throw up on their sites that aren't that widely used.  Or if they differentiate between tools created/used by blackhats or ones created/used by pentesters (LOIC vs Metasploit).  Or tools that aren't even being supported/updated/used anymore.

Hmm...curious.  But I don't doubt that there was a bit of exaggeration used there.

But it was on the NatGeo channel so it must be true  ;D For almost all types of hacks, you generally don't need more than 100 tools, as a lot of tools are multi-purpose tools.

Anyway, if they count in all the tools from the beginning till now, including various stealers, bots, viruses, trojans, etc., then 68k is actually wrong, but without viruses, worms, trojans, etc. and only manual tools (+ automated scanners), 68k could be right if you as previously mentioned include stealers, bots, rats, and of course, copies of these that goes under other names but are actually 100% the same version.

If you count an exploit, for a tool, which is generally is as it's a piece of code that you can run, and use as a tool to e.g., exploit an ftp service and thereby gaining access to the actual server, then 68k may sound more reasonable.

It really depends on how you look at it, because anything from a script to a stealer can almost be classified as a tool somehow, thus 68k isn't really that much.

If you count in all the variants of trojans, etc. then you could probably say 300k or even more (probably a million?)  ;D No idea, I think it's either a random number they came up with that sounds cool or from an official report that isn't accurate  :)

Whoa, hold on a sec, Inside the NSA?! Please tell me it will be on again, I will find cable to watch it.

MaXe,

NATGeo never lies, nor does the internet.  So if it's on the internet then it must be true since Al Gore made the internet. 

It was just an interesting comment.  I don't know what the definition of the "hacking tool" that he presented and where he got that number.  Maybe you are right about the whole exploit as a tool.  Maybe that's where he got it from.  I doubt this guy was a worker and physically sat at the computer and stopped an attack.  He was just the overall supervisor it looked like.

Very interesting TV show.  I DVR'd it.  Save for later.  They had a few shots of computer screens and I want to see what they are using.  I did see Linux.

Seph,

It should be on a few times later this week.  Check out NatGeo online and seeif you can watch on their site or on Youtube.

Well, EH.net alone has nearly 50k members. If you consider a script or small program to be a tool (and why wouldn't you!?), you're close to that number if everyone has written one at one point or another. I've written several "tools" myself ;)

And unlike me, Sil has 10 legitimate ones: http://infiltrated.net/index.php?option=com_content&view=article&id=13&Itemid=18

Iron Geek has a lot: http://www.irongeek.com/i.php?page=security/code

And so on. I regularly come across blogs that have a dozen nifty utilities that I've never heard of before.

For as broad as they're making it, 68k is probably low. It's not like they're talking about tools on par Metasploit (which arguably contains hundreds itself), Nmap (the same could be said with NSE), etc.