Kali Linux is a Linux distribution geared towards cyber security professionals, penetration testers, and ethical hackers. It comes decked out with a large assortment of hacking tools, and many more can be installed.
Perhaps you’re thinking about installing Kali Linux, or have recently installed it but aren’t sure of where to start. In this guide, we’re going to go over some of our favorite penetration testing and hacking tools on the distro. This will give you a good impression of what’s available, as well as some idea of how to use the various tools.
In this tutorial you will learn:
- Best Kali Linux tools for penetration testing and hacking
| Category | Requirements, Conventions or Software Version Used |
| --- | --- |
| Other | Privileged access to your Linux system as root or via the |
| Conventions | `#` – requires given linux commands to be executed with root privileges either directly as a root user or by use of<br>`$` – requires given linux commands to be executed as a regular non-privileged user |
Penetration testing and hacking tools for Kali Linux
Follow along with our list below as we go through our top picks of tools for Kali. There are hundreds more than what we mention here, but these are some of the essentials that we think everyone should know about.
When performing an attack against another device, the first step is to gather as much information as possible. Information about the network, routers, firewalls, and servers will help you understand how to mount the most effective attack. It will also help you to stay hidden. This stage is called digital reconnaissance.
The best tool for this stage would have to be Nmap. It can perform all types of network scans to help you fingerprint the network, but you’ll need to know a bit about how to use the tool, which is why we’ve written an introductory guide to Nmap.
More than 30% of the world’s websites are using WordPress as their content management system. If scanning websites for vulnerabilities is part of your job as a security professional, WPScan is going to be an essential tool in your arsenal. Learn how to use the tool in our guide for using WPScan to scan WordPress sites for vulnerabilities.
John the Ripper
John the Ripper is one of the best tools to use for cracking passwords on Linux. It can be used in conjunction with many other tools, making it quite flexible.
Aircrack-ng is an entire suite of Wi-Fi scanning and cracking tools. It’s pretty much your one-stop shop for anything related to exploiting the security of wireless internet hotspots and routers. Check out our guide on using Aircrack-ng to test your Wi-Fi password.
When it comes to scanning network traffic, Wireshark is one of the best network protocol analyzers available. It can both capture and analyze the traffic. It has a ton of features to help you separate the “fluff” from what you’re looking for, making it a very powerful and efficient packet sniffer. We have a whole guide on filtering packets in Wireshark.
When it comes to testing the security of web applications, you’d have a hard time finding a set of tools better than Burp Suite from PortSwigger Web Security. It allows you to intercept and monitor web traffic along with detailed information about the requests and responses to and from a server. Check out our four-part tutorial on using Burp Suite in Kali.
Hydra is a popular tool for launching brute-force attacks on login credentials. Hydra has options for attacking logins on a variety of different protocols, such as SSH or websites. It integrates well with other utilities, and can use wordlists to perform dictionary attacks. We have guides for SSH password testing with Hydra and testing WordPress logins with Hydra.
Social Engineering Toolkit
It’s been said that the weakest part of any network’s security is the users. Even if you enforce strict network rules, usage of strong passwords, and take other security precautions, users can be susceptible to social engineering. The SET package allows you to craft believable attack vectors to deploy against your users, to see just how easily they can be duped through phishing and social engineering.
Skipfish is a highly efficient and aggressive tool to scan websites for vulnerabilities. It can handle a large assortment of websites, including various content management systems and HTTP servers. It’s an essential tool that all website administrators should use against their site to uncover any lingering gaps in security.
For those interested in cyber security, the Metasploit Framework is going to be your best friend while you learn the ropes. It’s sort of an all-in-one set of tools that can launch attacks against target systems. A great way to introduce yourself to the concepts is to use “Metasploitable,” a Linux virtual machine that has intentional security holes for you to exploit.
King Phisher allows you to simulate realistic phishing attacks. It has a GUI that’s really easy to use, so you can set up a phishing website in no time.
One of the most important things you must do when performing an attack or reconnaissance is to stay hidden, anonymous, and quiet. Intrusion detection systems will start to notice if a device with the same IP address or MAC address continues probing the network. That’s why it’s important to use a tool like MacChanger to change your system’s MAC address.
Adding to the importance of MacChanger, we must also mention ProxyChains, which allows you to stay anonymous and switch IP addresses. The best part is that it’s super easy to funnel any command through ProxyChains, allowing you to stay anonymous throughout all your reconnaissance and attacking.
When performing digital reconnaissance or penetration testing, it’s important to fingerprint a network by understanding what servers or devices sit between your system and a target. For example, security professionals can’t go straight to attacking a web server without first taking the time to see if there’s a firewall in front of it.
This is where the traceroute utility comes in. It can send a packet from your system to the target machine, and list out its entire route for the journey there. This will reveal how many devices your network data is passing through, as well as the IP address of each device.
While not necessarily a hacking tool, telnet remains an ideal utility to test the connection to a certain port of a device. When it comes to finding vulnerabilities, nothing looks more promising than a wide open port. Check out our guide for how to install and use telnet on Kali.
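The same "is this port open?" question telnet answers by hand can be asked from a script, which is handy when you want to re-check a list of ports after tightening a firewall. The following is an added example, not code from the original article: it starts a throwaway listener on 127.0.0.1 (a constructed target) so the check has a known-open port to hit, and uses a port the OS has just freed as the closed case.

```python
"""Added example (not from the original article): check whether a TCP port
is open from Python, the same question one answers by hand with telnet.

A throwaway listening socket is started on 127.0.0.1 so the check has a
known-open port to hit; the 'closed' case uses a port the OS just freed.
"""
import socket
import threading


def port_is_open(host: str, port: int, timeout: float = 2.0) -> bool:
    """Return True if a TCP connection to host:port succeeds within timeout.

    A completed connect() is the same signal telnet gives with
    'Connected to ...'; a refused or timed-out connect means the port is
    closed or filtered from where we stand.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def start_listener(host: str = "127.0.0.1") -> tuple[socket.socket, int]:
    """Start a minimal TCP listener on an ephemeral port (constructed test target)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve() -> None:
        # Accept and immediately close connections until the socket is shut down.
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                break
            conn.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


def free_port(host: str = "127.0.0.1") -> int:
    """Reserve and release an ephemeral port so we have a port that is very likely closed."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind((host, 0))
        return s.getsockname()[1]


def demo() -> dict:
    """Probe one open and one closed local port; returns {'open': bool, 'closed': bool}."""
    srv, open_port = start_listener()
    try:
        return {
            "open": port_is_open("127.0.0.1", open_port),
            "closed": port_is_open("127.0.0.1", free_port()),
        }
    finally:
        srv.close()


if __name__ == "__main__":
    print(demo())
```

Against a real host, feed `port_is_open` the ports you expect to be closed after a firewall change; anything that still returns True is exactly the "wide open port" the paragraph above warns about.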
You’d be surprised what people upload to the web. And they think that just because they put the files in some random directory, no one is going to find them. Sure, Google may never come across it, but that’s where Dirb comes in. Dirb can launch a dictionary attack against a website to find hidden directories. Who knows what kind of fun stuff you’ll find in there.
Bettercap is a flexible tool for launching man-in-the-middle attacks. It also has a lot of other features, such as the ability to intercept HTTP, HTTPS, TCP, and other types of network traffic to pick up login credentials or other sensitive information.
JoomScan is similar to WPScan, except it works for sites running the Joomla content management system. Although not as popular as WordPress, Joomla still accounts for a fair share of the world’s websites, so it definitely deserves a spot among our favorite penetration testing tools.
Database servers house a lot of private information, which naturally makes them a highly prized target. SQLMap automates the process of scanning for database servers and testing them for vulnerabilities. Once a weakness is found, SQLMap can exploit a wide range of database servers, even retrieving information from them or executing commands on the server.
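To see the class of flaw SQLMap hunts for, and what closes it, here is an added example that is not from the original article or from the SQLMap project. It runs a login check against an in-memory SQLite database (the `users` table and the `admin` row are constructed sample data) first with string-concatenated SQL, then with a parameterised query, and feeds both the textbook tautology input that SQLMap's boolean-based tests probe for.

```python
"""Added example (not from the original article): a string-built SQL query
beside its parameterised fix, exercised with the classic tautology input.

The users table and its single row are constructed sample data. Passwords are
stored in plaintext only to keep the example short; real code stores hashes.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Build an in-memory database with one constructed user row."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'correct horse battery')")
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """String-concatenated query: user-controlled text becomes SQL syntax."""
    sql = (
        "SELECT COUNT(*) FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(sql).fetchone()[0] > 0


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Parameterised query: values travel separately from the SQL text, so a
    quote character in the input is data, not syntax."""
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0


def demo() -> dict:
    """Run both login variants with a wrong password and with the tautology input."""
    conn = make_db()
    # Constructed test input: closes the password literal and ORs in a true
    # condition, which is the shape of a boolean-based injection probe.
    tautology = "' OR '1'='1"
    return {
        "vuln_wrong_pw": login_vulnerable(conn, "admin", "wrong"),
        "vuln_injected": login_vulnerable(conn, "admin", tautology),
        "safe_wrong_pw": login_safe(conn, "admin", "wrong"),
        "safe_injected": login_safe(conn, "admin", tautology),
        "safe_right_pw": login_safe(conn, "admin", "correct horse battery"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The only difference between the two functions is whether the database driver receives the input as a bound parameter or spliced into the statement; when a scanner like SQLMap reports a finding, the fix is almost always the second form, applied to every query that touches user input.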
Fluxion is a social engineering tool designed to trick users into connecting to an evil twin network and giving away the wireless network’s password. Users will believe that they’re connecting to a known router, but instead they are using a fake. Fluxion is a great tool to train users on the importance of connecting to trusted devices. Check out our guide on Fluxion to see how to create an evil twin network.
In this guide, we saw 20 of our favorite penetration testing and hacking tools for Kali Linux. This is only the tip of the iceberg, as hundreds more tools are installed by default, and even more can be installed with just a few keystrokes. Hopefully this list will help inform you of what’s available on Kali and where to get started.