Kali Linux Tools
1. Netcat – Listen on a specific port for incoming connections and transfer data
Example: nc -lvp 4444
2. Hydra – Brute force SSH login for a single username using a wordlist
Example: hydra -l admin -P passwords.txt ssh://192.168.1.100
3. Burpsuite – Intercept and modify HTTP/S traffic during web application testing
Example: Launch Burp and set your browser’s proxy to 127.0.0.1:8080
4. nmap – Scan a target with aggressive options to detect services, versions, and OS details
Example: nmap -A 192.168.1.1
5. John the Ripper – Crack password hashes using dictionary and brute force methods
Example: john --wordlist=passwords.txt hashfile.txt
6. Metasploit – Launch and manage exploits to compromise systems using known vulnerabilities
Example: msfconsole -x "use exploit/windows/smb/ms08_067_netapi; set RHOST 192.168.1.100; run"
7. Aircrack-ng – Capture wireless packets and crack WEP/WPA handshakes
19. Dirb – Brute force common directories and file paths on a web server
23. SET (Social-Engineer Toolkit) – Craft and launch social engineering attacks like phishing
Example: Run setoolkit and follow interactive menus to build your payload
24. Recon-ng – Automate open‑source intelligence gathering with a modular recon framework
Example: Launch recon-ng and use modules like contacts-host against a domain
25. Wifite – Automate capturing and cracking of WPA/WPA2 handshakes from wireless networks
Example: wifite -i wlan0
26. SQLninja – Exploit SQL injection flaws in Microsoft SQL Server environments
Example: sqlninja -u "http://target/page.php?id=1"
27. LBD (Load Balancer Detector) – Detect load balancers or proxies masking a target’s true IP
Example: lbd -i eth0 192.168.1.100
28. Patator – Perform multi‑protocol brute force attacks with flexible module support
Example: patator ftp_login host=192.168.1.100 user=FILE0 pass=FILE1 0=usernames.txt 1=passwords.txt
29. Tcpflow – Capture and store entire TCP sessions for post-capture analysis
Example: tcpflow -i eth0 port 80
30. Scapy – Create, send, and manipulate custom network packets in Python
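Example:
```python
from scapy.all import sr1

# `packet` must already be built; its construction is not shown on this page
response = sr1(packet)
print(response.summary())
```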
31. Armitage – Graphical front-end for Metasploit to visualize targets and manage exploits
Example: beef-xss to start the BeEF server and load its web interface
33. Cewl – Spider a website to generate a custom wordlist from its content
Example: Launch w3af_console and execute a scan profile against a target URL
35. XSSer – Automatically detect and exploit cross-site scripting (XSS) vulnerabilities
Example: xsser --url http://targetsite.com/page.php?param=1
36. Skipfish – Crawl and audit web applications to discover security issues and map site structure
Example: skipfish -o output_folder http://targetsite.com
37. DNSenum – Enumerate DNS records, subdomains, and perform zone transfers on a target domain
Example: dnsenum target.com
38. DNSrecon – Conduct thorough DNS reconnaissance including brute forcing and zone transfers
41. Responder – Poison LLMNR, NBT-NS, and MDNS requests to capture Windows authentication hashes
43. Medusa – Parallel brute force login tool supporting multiple protocols
45. enum4linux – Extract information from Windows and Samba systems through SMB protocols
47. Mimikatz – Extract plaintext passwords, hashes, and Kerberos tickets from Windows memory
Example: Run mimikatz.exe on a compromised Windows machine (often via Wine in Kali)
48. Impacket – Utilize Python classes for crafting and executing low‑level network protocols
49. PowerSploit – Execute PowerShell scripts to perform post‑exploitation and offensive tasks on Windows
51. Unicorn – Convert shellcode into VBA macros for bypassing security in Office documents
Example: arp-scan -l
53. Wifiphisher – Automate phishing attacks against WiFi networks to capture WPA credentials
54. Fluxion – Conduct social engineering attacks to harvest WiFi passwords via a fake access point
Example: Run ./fluxion.sh and follow the interactive menus
56. Bully – Brute force WPS PINs on wireless networks to compromise WPA/WPA2 security
Example: bully wlan0 -b [BSSID]
57. Pixiewps – Exploit Pixie Dust vulnerability in WPS to recover the WPA/WPA2 passphrase offline
58. Fern Wifi Cracker – Graphical tool to audit and crack WiFi network passwords
Example: Launch the Fern Wifi Cracker GUI and select your target
59. Sherlock – Search multiple social networks to find accounts based on a username
60. Sublist3r – Enumerate subdomains by leveraging multiple search engines and DNS queries
Example: sublist3r -d target.com
62. Knockpy – Brute force subdomains using dictionary attacks against a target domain
63. DNSMap – Map DNS records and discover subdomains to understand a target’s network structure
Example: dnsmap target.com
64. Paros Proxy – Intercept and modify HTTP/S traffic with a dedicated web security proxy
Example: Launch Paros Proxy and configure your browser’s proxy settings
65. ZAP (OWASP Zed Attack Proxy) – Intercept, fuzz, and scan web applications for vulnerabilities
Example: Launch ZAP and use the automated scanner on a target URL
66. Wapiti – Black‑box web vulnerability scanner that maps and tests web application components
67. Arachni – Scan web applications for security issues using a high‑performance Ruby framework
Example: arachni http://targetsite.com --report-save=report.afr
68. Xerosploit – Launch man‑in‑the‑middle attacks and network manipulation for red team exercises
Example: Run xerosploit and choose the desired attack mode from the menu
69. THC-IPv6 – A suite of tools to test and exploit vulnerabilities in IPv6 networks
Example: thc-ipv6 -I eth0
70. 6Scan – Perform IPv6 scanning to discover hosts and services in an IPv6 network
71. EvilGrade – Automate injection of malicious updates in systems with vulnerable update mechanisms
73. Wfuzz – Brute force web application parameters and directories to uncover hidden resources
75. XSStrike – Advanced XSS detection and exploitation tool featuring fuzzing capabilities
77. Wifijammer – Launch deauthentication attacks against wireless networks to disrupt connectivity
79. SMBclient – Access and interact with SMB/CIFS shares directly from the command line
85. Arpwatch – Monitor ARP traffic to detect changes and possible spoofing on a network
Example: arpwatch -i eth0
86. OWASP Dependency Check – Scan project dependencies to identify publicly disclosed vulnerabilities
89. Sleuth Kit – Forensically analyze file systems and recover deleted files from storage media
Example: fls -r /dev/sda1
90. Autopsy – Graphical interface for forensic investigations to analyze disk images and recover evidence
Example: Launch Autopsy and add the disk image as evidence
91. Fierce – DNS scanner to locate non‑contiguous IP space and enumerate subdomains
93. P0f – Passively fingerprint operating systems on a network without sending any packets
Example: p0f -i eth0
94. HTTrack – Download an entire website for offline browsing and analysis
Example: httrack http://targetsite.com
95. DNSChef – Spoof DNS responses to redirect target traffic for testing or analysis
97. Pupy – Cross‑platform remote administration tool for post‑exploitation and payload delivery
Example: python pupygen.py -f exe -O windows
98. RouterSploit – Exploitation framework targeting embedded devices like routers and IoT systems
Example: rsf.py (then use interactive commands to scan and exploit)
99. FuzzDB – Repository of attack patterns, payloads, and resources to assist in fuzzing applications