Kali Linux is one of the most popular operating systems among hackers and security researchers. Kali Linux is based on Debian Linux (Distribution of Linux). It comes with a lot of pre-installed security tools which are used for hacking websites, wireless networks, User data, etc. These are some of my favorite and popularly used tools.
The Metasploit Project is a hugely popular pentesting or hacking framework. If you are new to Metasploit think of it as a ‘collection of hacking tools and frameworks that can be used to execute various tasks. Widely used by cyber security professionals. Metasploit framework aka MSF is the best and no:1 tool in Kali Linux for backdooring and malware attacks. MSF has 1500+ exploits, 800+ auxiliary modules and 400+ payloads which are more than enough. MSF can target any kind of system including windows, mac, Linux, android and even CCTV cameras. MSF can generate a back door and control the infected system with its handler. It can also launch remote exploits, bruteforce attacks and much more. Its simplified CLI allows you navigate through all exploits easily and manage the infected systems easily Metasploit is essentially a computer security project (framework) that provides the user with vital information regarding known security vulnerabilities and helps to formulate penetration testing and IDS testing plans, strategies, and methodologies for exploitation.
Armitage is a graphical cyber attack management tool for the Metasploit Project that visualizes targets and recommends exploits. It is a free and open source network security tool notable for its contributions to red team collaboration allowing for: shared sessions, data, and communication through a single Metasploit instance. Armitage is written and supported by Raphael Mudge. Armitage is a GUI frontend for the Metasploit Framework developed by Raphael Mudge with the goal of helping security professionals better understand hacking and to help them realize the power of Metasploit. It was originally made for Cyber Defense Exercises but has since expanded its user base to other penetration testers. Armitage is a scriptable red team collaboration tool built on top of the Metasploit Framework. Through Armitage, a user may launch scans and exploits, get exploit recommendations, and use the advanced features of the Metasploit Framework’s meterpreter.
3.Social Engineer Toolkit
The Social-Engineer Toolkit (SET) is a unique tool in terms that the attacks are targeted at the human element than on the system element. It has features that let you send emails, Java applets, etc containing the attack code. It goes without saying that this tool is to be used very carefully and only for ‘white-hat’ reasons. It has a command-line interface, works on Linux, Apple Mac OS X, and Microsoft Windows.
4.John the Ripper (JTR)
John the Ripper (often you’ll see abbreviated as ‘JTR’) wins the award for having the coolest name. John the Ripper, mostly just referred to as simply, ‘John’ is a popular password cracking pentesting tool that is most commonly used to perform dictionary attacks. John the Ripper takes text string samples (from a text file, referred to as a ‘word list’, containing popular and complex words found in a dictionary or real passwords cracked before), encrypting it in the same way as the password being cracked (including both the encryption algorithm and key), and comparing the output to the encrypted string. This tool can also be used to perform a variety of alterations to dictionary attacks. If you are somewhat confused between John the Ripper and THC Hydra then think of John the Ripper as an ‘offline’ password cracker whilst THC Hydra is an “online” cracker.
We’ve purposely placed THC Hydra underneath John The Ripper because they often go ‘hand-in hand’. THC Hydra (we’ve abbreviated to simply ‘Hydra’ throughout our site) is a hugely popular password cracker and has a very active and experienced development team. Essentially THC Hydra is a fast and stable Network Login Hacking Tool that will use a dictionary or brute-force attacks to try various password and login combinations against a login page. This hacking tool supports a wide set of protocols including Mail (POP3, IMAP, etc.), Databases, LDAP, SMB, VNC, and SSH. Take a look at John the Ripper as well.
Nmap, also known as network mapper is a pretty simple tool in Kali Linux that allows you to scan a system or a network. Nmap allows you to scan open ports, running services, NetBIOS, OS detection etc. Nmap uses various type of detection technique to evade IP filters firewalls. Nmap has both command line interface and GUI and supports almost all platforms including windows and mac. This the tool that you have to use before attacking a system or a server. Nmap, as a tool, uses raw IP packets in creative ways to determine what hosts are available on the network, what services (application name and version) those hosts are providing information about, what operating systems (fingerprinting) and what type and version of packet filters/ firewalls are being used by the target. There are dozens of benefits of using Nmap, one of which is that fact that the admin user is able to determine whether the network (and associated nodes) need patching. Nmap’s been featured in literally every hacker movie out there, not least the recent Mr. Robot series. It’s also worth mentioning that there’s a GUI version of Nmap called ‘Zenmap’. We’d advise you to learn using Nmap (i.e. the ‘command line’) then rotate into Zenmap when you are feeling all confident.
The Aircrack is a suite of Wi-fi (Wireless) hacking tools. Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking hacking tool that can recover keys when sufficient data packets have been captured (in monitor mode).It implements standard FMS attacks along with some optimizations like KoreK attacks, as well as the PTW attacks to make their attacks more potent. If you are a mediocre hacker then you’ll be able to crack WEP in a few minutes and you ought to be pretty proficient at being able to crack WPA/ WPA2. Aircrack supports almost all wifi adapters and also available for windows. The most interesting part is that it can be used as a wifi jammer by sending an unlimited deauth packet to a router and thus disconnects all the connected devices.
BeEF stands for Browser exploitation framework. Beef is used to exploit an xss vulnerability and it focuses on client side attacks. Once a victim access an xss vulnerable site that’s linked to the beef, the beef server running on the attacker hooks the target browser. When the browser is hooked the attacker gets full control over the browser. An attacker can install or uninstall plugins, show pop ups, redirect to rogue URL. with this framework, you can make the victim download a malware or your Trojan. Beef has a pretty good user interface it’s easy to use as well.
Hashcat can crack almost any kind of hash. Hashcat has two variants with two different algorithms one is CPU cracking other one is GPU cracking. OclHashCat uses the GPU cracking algorithm which is very faster than traditional CPU cracking. Unlike a CPU, a GPU has too many numbers of cores. OclHashcat uses this multi-core to crack thousands of hash in less than a second. with 8x Nvidia Titan x running on a 64-bit Ubuntu can crack up to 115840 Mega hash per second. This powerful hash cracking tool can be really helpful when you use it with a custom word list or a brute force attack.
Hashcat used to come in two main variants:
- hashcat – A CPU-based password recovery tool
- oclHashcat/cudaHashcat – A GPU-accelerated tool (OpenCL or CUDA)
With the release of hashcat v3.00, the GPU and CPU tools were merged into a single tool called hashcat v3.00. The CPU-only version became hashcat-legacy. Both CPU and GPU now require OpenCL.
Many of the algorithms supported by hashcat-legacy can be cracked in a shorter time by using the well-documented GPU acceleration leveraged in oclHashcat, cudaHashcat and hashcat v3.00 (such as MD5, SHA1, and others). However, not all algorithms can be accelerated by leveraging GPUs. Bcrypt is a good example of this. Due to factors such as data-dependent branching, serialization, and memory (to name just a few), oclHashcat/cudaHashcat weren’t catchall replacements for hashcat-legacy.
Hashcat-legacy is available for Linux, OSX and Windows. oclHashcat/cudaHashcat is only available for Linux and Windows due to improper implementations in OpenCL on OSX. Hashcat is available for OSX, Windows, and Linux with GPU, CPU and generic OpenCL support which allows for FPGA’s and other accelerator cards.
Vega is a powerful recon tool that comes with a well designed graphical interface. Vega scans a web server and helps you to detect almost all types of vulnerability including SQL injection and XSS. Vega sorts the vulnerable links to three different section based on severity. Vega can detect social security numbers and email ids. It also allows you to browse through the whole website with a file manager like interface.
Reaver implements a brute force attack against Wifi Protected Setup (WPS) registrar PINs in order to recover WPA/WPA2 passphrases. Reaver has been designed to be a robust and practical attack against WPS, and has been tested against a wide variety of access points and WPS implementations. On average Reaver will recover the target AP’s plain text WPA/WPA2 passphrase in 4-10 hours, depending on the AP. In practice, it will generally take half this time to guess the correct WPS pin and recover the passphrase
In penetration testing most of the hackers tries to take down a database in the first place while attacking a web server. SQL map is really powerful fully automated auditing tool for attacking a database by exploiting a server side SQL vulnerability. Sqlmap comes with a command line interface with cool green fonts. Sqlmap can target Mysql, Mssql, postgresql, Oracle etc and supports almost all injection technique. You just need to input the vulnerable link rest is fully automated process. Sqlmap supports multithreading mode and also tor proxy. click here to read the blog on SQL injection.
The Zed Attack Proxy (ZAP) is now one of the most popular OWASP projects. The fact that you’ve reached this page means that you are likely already a relatively seasoned cyber security professional so it’s highly likely that you are very familiar with OWASP, not least the OWASP Top Ten Threats listing which is considered as being the ‘guide-book’ of web application security. This hacking and pentesting tool is a very efficient as well as being an ‘easy to use’ program that finds vulnerabilities in web applications. ZAP is a popular tool because it does have a lot of support and the OWASP community is really an excellent resource for those that work within Cyber Security. ZAP provides automated scanners as well as various tools that allow you the cyber pro to discover security vulnerabilities manually. Understanding and being able to master this tool would also be advantageous to your career as a penetration tester. If you are a developer then you have it’s obviously highly recommended that you learn how to become very proficient with this ‘hacker tool!’
Wireshark essentially captures data packets in a network in real time and then displays the data in a human-readable format (verbose). The tool (platform) has been highly developed and it includes filters, color-coding and other features that let the user dig deep into network traffic and inspect individual packets. If you’d like to become a penetration tester or work as a Cyber Security practitioner, then learning how to use Wireshark is a must. There are a ton of resources out there to learn Wireshark, and, of particular interest, there’s also a Wireshark Certification which you can achieve and place on your LinkedIn profile.
Maltego is different in that it works within a digital forensics sphere. Maltego is a platform that was designed to deliver an overall cyber threat picture to the enterprise or local environment in which an organization operates. One of the awesome things about Maltego which likely makes it so popular (and included in the Kali Linux Top Ten) is it’s unique perspective in offering both network and resource based entities is the aggregation of information sourced throughout the web – whether it’s the current configuration of a vulnerable router within a network or the current whereabouts of your staff members on their international visits, Maltego can locate, aggregate and Tvisualize this data! For those interested in learning how to use Maltego we’d also recommend learning about OSINT cyber security data procurement.
16.Nikto Website Vulnerability Scanner
Nikto is another classic ‘Hacking Tool’ that a lot of pentesters like to use. Worth mentioning that Nickto is sponsored by Netsparker (which is yet another Hacking Tool that we have also listed in our directory). Nikto is an Open Source (GPL) web server scanner which is able to scan and detect web servers for vulnerabilities. The system searches against a database of over 6800 potentially dangerous files/ programs when scanning software stacks. Nikto, like other scanners out there, also scans for outdated (unpatched) versions of over 1300 servers, and version specific problems on over 275 servers. Interestingly, Nikto can also check server configuration items such as the presence of multiple index files, HTTP server options, and the platform will also try to identify installed web servers and web applications. Nikto will get picked up by any semi-decent IDS tool so its’ really useful when conducting a white-hat/ white-box pentest. Certainly, a great tool to learn your skills on when attacking an open box for training.
Fern WiFi Cracker provides a GUI interface that front-ends AirCrack to make your life that bit easier. Fern Wifi Cracker is a Wireless security auditing and attack software program written using the Python Programming Language and the Python Qt GUI library, the program is able to crack and recover WEP/WPA/WPS keys and also run other network based attacks on wireless or Ethernet based networks.
To know about more Kali Linux tools: https://tools.kali.org/tools-listing