Reviewing Kali Tools

Categories
  1. Information Gathering
  2. Vulnerability Analysis
  3. Exploitation Tools
  4. Wireless Attacks
  5. Forensics Tools
  6. Web Applications
  7. Stress Testing
  8. Sniffing & Spoofing
  9. Password Attacks
  10. Maintaining Access
  11. Hardware Hacking
  12. Reverse Engineering
  13. Reporting Tools
  14. New Release Tools on Kali 2021.1

Information Gathering
  1. ace-voip
  2. Amap
  3. APT2
  4. arp-scan
  5. Automater
  6. bing-ip2hosts
  7. braa
  8. CaseFile
  9. CDPSnarf
  10. cisco-torch
  11. copy-router-config
  12. DMitry
  13. dnmap
  14. dnsenum
  15. dnsmap
  16. DNSRecon
  17. dnstracer
  18. dnswalk
  19. DotDotPwn
  20. enum4linux
    1. A combination of the Samba tools smbclient, rpcclient, net, and nmblookup, used for enumeration [Link].
  21. enumIAX
  22. EyeWitness
    1. Automates taking screenshots of websites and provides server headers [Link].
  23. Faraday
  24. Fierce
  25. Firewalk
  26. fragroute
  27. fragrouter
  28. Ghost Phisher
  29. GoLismero
  30. goofile
  31. hping3
  32. ident-user-enum
  33. InSpy
  34. InTrace
  35. iSMTP
  36. lbd
  37. Maltego Teeth
  38. masscan
    1. Mass SYN stealth scanner, much wilder than Nmap in some ways [Link].
  39. Metagoofil
  40. Miranda
  41. nbtscan-unixwiz
  42. Nikto
    1. Webserver scanner for vulnerabilities [Link].
  43. Nmap
    1. Powerful Scanner [Link].
  44. ntop
  45. OSRFramework
  46. p0f
  47. Parsero
  48. Recon-ng
    1. It is a web reconnaissance framework designed exclusively for web-based open source reconnaissance [Link].
  49. SET
    1. Social Engineering Toolkit is an open-source penetration testing framework with a large number of custom attack vectors [Link].
  50. SMBMap
    1. It allows users to enumerate samba share drives across an entire domain [Link].
  51. smtp-user-enum
  52. snmp-check
  53. SPARTA
  54. sslcaudit
  55. SSLsplit
  56. sslstrip
  57. SSLyze
  58. Sublist3r
    1. Tool designed to enumerate subdomains of websites using OSINT [Link].
  59. THC-IPV6
  60. theHarvester
  61. TLSSLed
  62. twofi
  63. Unicornscan
  64. URLCrazy
  65. Wireshark
  66. WOL-E
  67. Xplico
Vulnerability Analysis
  1. BBQSQL
  2. BED
  3. cisco-auditing-tool
  4. cisco-global-exploiter
  5. cisco-ocs
  6. cisco-torch
  7. copy-router-config
  8. Doona
  9. DotDotPwn
  10. HexorBase
  11. jSQL Injection
  12. Lynis
    1. An auditing tool for Unix-based systems. It scans the system by performing many security control checks [Link].
  13. Nmap
    1. A collection of scripts that use Nmap to analyze networks and their devices. See also Nmap Scripting Engine [Link].
  14. ohrwurm
  15. openvas
    1. A framework of several services and tools offering vulnerability scanning and vulnerability management [Link].
  16. Oscanner
  17. Powerfuzzer
  18. sfuzz
  19. SidGuesser
  20. SIPArmyKnife
  21. sqlmap
    1. Automates the process of detecting and exploiting SQL injection flaws and taking over database servers [Link].
  22. Sqlninja
    1. A SQL injection tool that exploits web applications that use a SQL server as a database server [Link].
  23. sqlsus
    1. Another open-source SQL injection tool; it is basically a MySQL injection and takeover tool [Link].
  24. THC-IPV6
  25. tnscmd10g
  26. unix-privesc-check
  27. Yersinia
    1. A DHCP starvation attack tool. Once attached, it can make the DHCP server inoperative and act as the DHCP server of the network, usually assigning itself as the DNS server and directing the users to malicious websites, among many other network protocol attacks [Link].
Exploitation Tools
  1. Armitage
    1. Graphic interface for MSF [Link].
  2. Backdoor Factory
  3. BeEF
    1. It is classified as a penetration testing tool that focuses on the web browser, but in fact it is a very malicious tool that can be used to exploit web vulnerabilities. The phishing features are incredible and mimic, for example, Gmail or Facebook login pages [Link].
  4. cisco-auditing-tool
  5. cisco-global-exploiter
  6. cisco-ocs
  7. cisco-torch
  8. Commix
  9. crackle
  10. exploitdb
  11. jboss-autopwn
  12. Linux Exploit Suggester
  13. Maltego Teeth
  14. Metasploit Framework
    1. Metasploit, or MSF for short, is the most popular Pentest Framework [Documentation].
  15. MSFPC
  16. RouterSploit
  17. SET
    1. Social Engineering Toolkit is an open-source penetration testing framework with a large number of custom attack vectors [Link].
  18. ShellNoob
  19. sqlmap
    1. Automates the process of detecting and exploiting SQL injection flaws and taking over database servers [Link].
  20. THC-IPV6
  21. Yersinia
    1. A DHCP starvation attack tool. Once attached, it can make the DHCP server inoperative and act as the DHCP server of the network, usually assigning itself as the DNS server and directing the users to malicious websites [Link].
Wireless Attacks
  1. Airbase-ng
  2. Aircrack-ng
    1. An 802.11 WEP and WPA-PSK key cracking program that can recover keys from captured packets.
  3. Airdecap-ng and Airdecloak-ng
  4. Aireplay-ng
    1. Used to inject wireless frames, generating traffic for later cracking of WEP and WPA-PSK keys. It also deauthenticates wireless clients for the purpose of capturing the WPA 4-way handshake.
  5. airgraph-ng
  6. Airmon-ng
    1. Enables and disables monitor mode on wireless interfaces.
  7. Airodump-ng
    1. Used for packet capturing of raw 802.11 frames. It can collect WEP IVs and WPA2 4-way handshakes.
  8. airodump-ng-oui-update
  9. Airolib-ng
  10. Airserv-ng
  11. Airtun-ng
  12. Asleap
  13. Besside-ng
  14. Bluelog
  15. BlueMaho
  16. Bluepot
  17. BlueRanger
  18. Bluesnarfer
  19. Bully
  20. coWPAtty
  21. crackle
  22. eapmd5pass
  23. Easside-ng
  24. Fern Wifi Cracker
  25. FreeRADIUS-WPE
  26. Ghost Phisher
  27. GISKismet
  28. Gqrx
  29. gr-scan
  30. hostapd-wpe
  31. ivstools
  32. kalibrate-rtl
  33. KillerBee
  34. Kismet
  35. makeivs-ng
  36. mdk3
    1. Exploits common Wi-Fi weaknesses, such as brute-forcing to reveal hidden SSIDs, beacon flooding, authentication DoS, WPA downgrade, continuously cancelling all traffic, and more.
  37. mfcuk
  38. mfoc
  39. mfterm
  40. Multimon-NG
  41. Packetforge-ng
  42. PixieWPS
  43. Pyrit
  44. Reaver
  45. redfang
  46. RTLSDR Scanner
  47. Spooftooph
  48. Tkiptun-ng
  49. Wesside-ng
  50. Wifi Honey
  51. wifiphisher
  52. Wifitap
  53. Wifite
  54. wpaclean
Forensics Tools
  1. Binwalk
  2. bulk-extractor
  3. Capstone
  4. chntpw
  5. Cuckoo
  6. dc3dd
  7. ddrescue
  8. DFF
  9. diStorm3
  10. Dumpzilla
  11. extundelete
  12. Foremost
    1. A forensics tool to recover files based on headers and footers from a disk or image file [Link].
  13. Galleta
  14. Guymager
  15. iPhone Backup Analyzer
  16. p0f
  17. pdf-parser
  18. pdfid
  19. pdgmail
  20. peepdf
  21. RegRipper
  22. Volatility
  23. Xplico
Web Applications
  1. apache-users
  2. Arachni
  3. BBQSQL
  4. BlindElephant
  5. Burp Suite
    1. Burp Suite is a scanner and analyzer for vulnerabilities. It uses a proxy and, as a man-in-the-middle, edits and repeats requests, decodes data, and does more to the traffic [Link]. FoxyProxy is an add-on that automates switching the proxy on and off in the browser [Link].
  6. CutyCapt
  7. DAVTest
  8. deblaze
  9. DIRB
  10. DirBuster
    1. Multi-threaded Java application designed to brute force directories and file names on web/application servers [Link].
  11. fimap
  12. FunkLoad
  13. Gobuster
    1. A tool to brute-force and discover directories, files, and subdomains [Link].
  14. Grabber
    1. Spider/crawler scanner that tests for SQLi (SQL Injection) and XSS (Cross-Site Scripting).
  15. hURL
  16. jboss-autopwn
  17. joomscan
  18. jSQL Injection
  19. Maltego Teeth
  20. Nikto
    1. Webserver scanner for vulnerabilities [Link].
  21. PadBuster
  22. Paros
  23. Parsero
  24. plecost
  25. Powerfuzzer
  26. ProxyStrike
  27. Recon-ng
    1. It is a web reconnaissance framework designed exclusively for web-based open source reconnaissance [Link].
  28. Skipfish
    1. A website spider/crawler that can also test for various vulnerable parameters and configurations.
  29. sqlmap
    1. Automates the process of detecting and exploiting SQL injection flaws and taking over database servers [Link].
  30. Sqlninja
    1. A SQL injection tool that exploits web applications that use a SQL server as a database server [Link].
  31. sqlsus
    1. Another open-source SQL injection tool; it is basically a MySQL injection and takeover tool [Link].
  32. ua-tester
  33. Uniscan
  34. w3af
  35. WebScarab
  36. Webshag
  37. WebSlayer
  38. WebSploit
  39. Wfuzz
    1. Another fuzzing tool for testing web applications [Link].
  40. WhatWeb
    1. Gets the fingerprint of the website. It recognizes web technologies such as blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, embedded devices, and more [Link].
  41. WPScan
    1. WordPress security scanner [Link].
  42. XSSer
    1. An automatic framework to detect, exploit and report XSS vulnerabilities in web-based applications.
  43. zaproxy
    1. The OWASP Zed Attack Proxy (ZAP) is an easy-to-use integrated penetration testing tool for finding vulnerabilities in web applications [Link].
Stress Testing
  1. DHCPig
  2. FunkLoad
  3. iaxflood
  4. Inundator
  5. inviteflood
  6. ipv6-toolkit
  7. mdk3
    1. Exploits common Wi-Fi weaknesses, such as brute-forcing to reveal hidden SSIDs, beacon flooding, authentication DoS, WPA downgrade, continuously cancelling all traffic, and more.
  8. Reaver
  9. rtpflood
  10. SlowHTTPTest
  11. t50
  12. Termineter
  13. THC-IPV6
  14. THC-SSL-DOS
Sniffing & Spoofing
  1. bettercap
    1. Alternative to Ettercap, with additional features such as Wi-Fi [Link].
  2. Burp Suite
    1. Burp Suite is a scanner and analyzer for vulnerabilities. It uses a proxy and, as a man-in-the-middle, edits and repeats requests, decodes data, and does more to the traffic [Link]. FoxyProxy is an add-on that automates switching the proxy on and off in the browser [Link].
  3. DNSChef
  4. fiked
  5. hamster-sidejack
  6. HexInject
  7. iaxflood
  8. inviteflood
  9. iSMTP
  10. isr-evilgrade
  11. mitmproxy
  12. ohrwurm
  13. protos-sip
  14. rebind
  15. responder
    1. It comes bundled with Kali and poisons the Windows network with an automatic responder that answers any broadcast request by saying ‘that is me!’ and immediately asks for the hash of the credentials. This type of attack is known as LLMNR/NBT-NS/DNS/MDNS poisoning [Link].
  16. rtpbreak
  17. rtpinsertsound
  18. rtpmixsound
  19. sctpscan
  20. SIPArmyKnife
  21. SIPp
  22. SIPVicious
  23. SniffJoke
  24. SSLsplit
  25. sslstrip
  26. THC-IPV6
  27. VoIPHopper
  28. WebScarab
  29. Wifi Honey
  30. Wireshark
  31. xspy
  32. Yersinia
    1. A DHCP starvation attack tool. Once attached, it can make the DHCP server inoperative and act as the DHCP server of the network, usually assigning itself as the DNS server and directing the users to malicious websites, among many other network protocol attacks [Link].
  33. zaproxy
    1. The OWASP Zed Attack Proxy (ZAP) is an easy-to-use integrated penetration testing tool for finding vulnerabilities in web applications [Link].
Password Attacks
  1. BruteSpray
  2. Burp Suite
    1. Burp Suite is a scanner and analyzer for vulnerabilities. It uses a proxy and, as a man-in-the-middle, edits and repeats requests, decodes data, and does more to the traffic [Link]. FoxyProxy is an add-on that automates switching the proxy on and off in the browser [Link].
  3. CeWL
  4. chntpw
  5. cisco-auditing-tool
  6. CmosPwd
  7. creddump
  8. crowbar
  9. crunch
  10. findmyhash
  11. gpp-decrypt
    1. This tool decrypts and extracts the password from the GPP (Group Policy Preferences) file.
  12. hash-identifier
    1. Identifies the type of a hash based on a sample.
  13. Hashcat
    1. Smart brute force password cracker but also used as a “password recovery tool”. It supports hashing algorithms like LM, MD4, MD5, SHA-family, Unix Crypt, MySQL, Cisco PIX, and more [Link].
  14. HexorBase
  15. THC-Hydra
    1. A brute-force login cracker that supports numerous protocols: SSH, Telnet… [Link]
  16. John the Ripper
    1. Brute-force password hash cracker [Link].
  17. Johnny
  18. keimpx
  19. Maltego Teeth
  20. Maskprocessor
  21. multiforcer
  22. Ncrack
  23. oclgausscrack
  24. ophcrack
  25. PACK
  26. patator
  27. phrasendrescher
  28. polenum
  29. RainbowCrack
  30. rcracki-mt
  31. RSMangler
  32. SecLists
    1. A collection of multiple types of lists (password lists, for example) used during security assessments, collected in one place [Link].
  33. SQLdict
  34. Statsprocessor
  35. THC-pptp-bruter
  36. TrueCrack
  37. WebScarab
  38. wordlists
  39. zaproxy
    1. The OWASP Zed Attack Proxy (ZAP) is an easy-to-use integrated penetration testing tool for finding vulnerabilities in web applications [Link].
Maintaining Access
  1. CryptCat
  2. Cymothoa
  3. dbd
  4. dns2tcp
  5. HTTPTunnel
  6. Intersect
  7. Nishang
  8. polenum
  9. PowerSploit
    1. A collection of PowerShell scripts that can be used in post-exploitation with Evil-WinRM [Link].
  10. pwnat
  11. RidEnum
  12. sbd
  13. shellter
  14. U3-Pwn
  15. Webshells
  16. Weevely
  17. Winexe
Hardware Hacking
  1. android-sdk
  2. apktool
    1. It is a reverse engineering tool that decompiles Android APK files [Link].
  3. Arduino
  4. dex2jar
  5. Sakis3G
  6. smali
Reverse Engineering
  1. apktool
    1. It is a reverse engineering tool that decompiles Android APK files [Link].
  2. dex2jar
  3. diStorm3
  4. edb-debugger
  5. jad
    1. Just another Java decompiler [Link]. See also Dex2Jar [Link] and JADX [Link].
  6. javasnoop
  7. JD-GUI
  8. OllyDbg
  9. smali
  10. Valgrind
  11. YARA
Reporting Tools
  1. CaseFile
  2. cherrytree
  3. CutyCapt
  4. dos2unix
  5. Dradis
  6. MagicTree
  7. Metagoofil
  8. Nipper-ng
  9. pipal
  10. RDPY
New Release Tools on Kali 2021.1
  1. Airgeddon
    1. Audit wireless networks.
  2. AltDNS
    1. Generates permutations, alterations, and mutations of subdomains and then resolves them.
  3. Arjun
    1. HTTP parameter discovery suite.
  4. Chisel
    1. A fast TCP/UDP tunnel over HTTP.
  5. DNSGen
    1. Generates a combination of domain names from the provided input.
  6. DumpsterDiver
    1. Searches for secrets in various file types.
  7. GetAllUrls
    1. Fetches known URLs from AlienVault’s Open Threat Exchange, the Wayback Machine, and Common Crawl.
  8. GitLeaks
    1. Searches a Git repo’s history for secrets and keys.
  9. HTTProbe
    1. Takes a list of domains and probes for working HTTP and HTTPS servers.
  10. MassDNS
    1. A high-performance DNS stub resolver for bulk lookups and reconnaissance [Link].
  11. PSKracker
    1. WPA/WPS toolkit for generating default keys/pins.
  12. WordlistRaider
    1. Prepares existing wordlists.

The list of tools was taken from Kali’s official website [Link] but any comment or observation is personal and may not reflect the truth.