In this blog we will be learning about the best kali linux tools. These are the tools one should get their hands on after installing kali linux. These tools help hackers in doing hacking and penetration testing. There are plenty of tools installed in Kali but few are above all and help the security researchers , white hat hackers and black hat hackers to find the vulnerabilities in the systems and then exploit them.
List of tools
- Burp Suite
- Social Engineering Toolkit
Now we will be discussing the tools , their usage and they can actually do.
Nmap is a tool that is used for information gathering and fall in information gathering category. It helps scanning the network , a specific host , their ports and all the possible data that is available on the network. Using this tool the hacker can get the information about the ports opened on your machine. The OS and other fingerprint of the machine and using all these information from the tool the hacker can later launch an attack if you are vulnerable. Using this tool the attacker can also evade the firewall and can spoof.
WPScan is a tool that is used for auditing the WordPress sites. These days most of the sites are hosted on WordPress. The Hackers and the Security Researchers uses this tool to find the Vulnerabilities in the WordPress site. It perform a whole site audit and give a scan result about the host. It will tell the wordpress version , plugins , themes etc and their related vulnerabilities. An attacker can use those vulnerabilities to launch an attack against your site.
Aircrack-ng Strongest ever tool for hacking Wifi. This is the best tool available in hacking the Wifi. Most of the new users find this tool annoying but the reality is that this is the best tool to hack the Wifi if you are expert in it. Using this tool the attacker can attack the wireless network and get the Handshakes to get the password of the wireless network. To learn more about this tool you are referred to this blog.
Hydra is a very strong tool used for bruteforce the login and other dictionary attacks. If you want to bruteforce a login this is the perfect tool for you. It performs dictionary attack as well as generate random strings to brute force. The default hydra comes with 2 packages, hydra and hydra-gtk. The hydra is the cli tool and the hydra-gtk is the GUI tool. Using this tool you can remotely login to any system using bruteforce.It supports: Cisco AAA, Cisco auth, Cisco enable, CVS, FTP, HTTP(S)-FORM-GET, HTTP(S)-FORM-POST, HTTP(S)-GET, HTTP(S)-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MySQL, NNTP, Oracle Listener, Oracle SID, PC-Anywhere, PC-NFS, POP3, PostgreSQL, RDP, Rexec, Rlogin, Rsh, SIP, SMB(NT), SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5, SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.
Wireshark is the best tool for analyzing the traffic. Using this tool you can sniff the smallest packet transferred from the origin to the router. It is used by Security Researchers and Hackers to analyze the packets transferred over the network. Using this tool the attacker can get the confidential information like username password and other credentials passed as a plain text.
Metasploit is the tool that lies on the top of everything. Most Penetration Tester consider this tool as a backbone of hacking. This tool have lot of exploits that are enough for newbies. These tools are very helpful for the penetration testers for testing the Vulnerabilities.
Ettercap is an open-source project and a tool that is used by hackers and penetration testers to perform a man in the middle attack. Using this tool the attacker can attack on a network and can sniff all the network traffic. Additionally the attacker can modify the requests and can change the traffic as well. This tool is very helpful for attacking in LAN. Attacker can insert malicious scripts and can remotely download a RAT on the target machine and can exploit the vulnerabilities.
8. Burp Suite
Burp Suite is a GUI based tool used to test the security of the Web Apps. Using this tool one can modify the requests sent to server and can check the response in result to those requests. This tool is highly used by the Penetration testers to test the Security of the web applications. Additionally using this tool the tester can find the vulnerabilities in the web app and can exploit it as well. Burp comes pre install in Kali Linux but it is also available for Mac and Window users.
BeEF is a tool that is focuses on web browsers. Using BeEF the attacker can use a malicious link and can hack the browsers. This tool gives almost all access of the browser to the attacker and attacker can perform different attacks like redirecting to phishing site , hook the browser to attack later , show a phishing pop up etc. This tool is most effective in LAN and if used with Ettercap, there will be no need to send the link to the victim, Using the Ettercap the attacker can insert the js directly into the request and can gain access to the browser.
SQLMAP is a tool used for doing SQL injection on a vulnerable site. This tools performs some sql check on a site and if there is no proper code on backend this tool breaks the query and perform different union based queries to get the data on the database. This tools comes pre installed in Kali Linux. If the site is vulnerable the attacker can dump the database and can get the admin access to the website.
Hashcat is a tool that is used to crack the passwords that are encrypted. This tool is really fast and uses the CPU as well as GPU to crack the encrypted hash real quick. If the attacker dumped the database using SQL Injection and had encrypted password in it. The attacker can run a bruteforce attack against that password and can decrypt it. It is also available for Mac and Window users.
12. Social Engineering ToolKit
Social Engineering Toolkit also known as SET or SETOOLKIT, used for doing social engineering attacks. This toolkit can help an attacker to create a phishing page or a malicious document or a RAT, to be sent to the victim. Once the victim opens the document or the file sent to him. The system will be compromised. This tool along with Ettercap can be very dangerous as using the Ettercap the attacker can show a Phishing Page on the real URL or can send the malicious file or RAT in LAN remotely and gain access.
These are some tools one should get hands on after installing kali linux. These tools are almost connected to each other.