There are many tools in the Kali Linux tools list. Some may argue that all of them are useful in some way or another, but many of the tools do exactly the same thing. It then becomes a matter of which tool is more useful for the goal you are trying to accomplish.
For example, if you are running a headless pentesting device, you will want a tool that can be automated from the command line. If you want to pentest manually and need a GUI, then the GUI-based tools will suit you better. The tools listed below are my personal favorites for speed, ease of use, and the information they provide or exploit.
10. Social Engineer Toolkit
Let’s begin with the simple one. You do not need much technical knowledge to learn how the Social-Engineer Toolkit (SET) works. This tool is designed to perform advanced attacks against the human element. The methods built into the toolkit are targeted, focused attacks against a person or organization, used during a penetration test. It covers phishing, information gathering, data cloning, etc. Some of the most popular SET attack methods are:
- Man Left in the Middle Attack
- Spear-Phishing Attack Vector
- Java Applet Attack Vector
- Metasploit Browser Exploit Method
- Credential Harvester Attack Method
- Tabnabbing Attack Method
- Infectious Media Generator
9. Browser Exploitation Framework (BeEF)
You might have heard about the XSS (cross-site scripting) vulnerability. It is one of the most common vulnerabilities in web applications. BeEF (Browser Exploitation Framework) is used to exploit an XSS vulnerability and focuses on client-side attacks. Once the tool exploits XSS on a website, the users of that website become victims and their browsers can be fully controlled by BeEF. An attacker can install plugins, show pop-ups, or redirect to any URL, and can make the victim download malware or any other malicious program.
8. John The Ripper
The program john (or ‘John the Ripper’, abbreviated JtR), written by Alexander Peslyak, attempts to recover cleartext passwords from their hashes. It is a password tester or cracker tool whose primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types most commonly found on various Unix systems, among other formats.
7. HashCat
Hashcat can crack almost any kind of hash. It comes in two variants with two different algorithms: one cracks on the CPU, the other on the GPU. The GPU variant, OclHashcat, is faster than traditional CPU cracking because a GPU has far more cores; OclHashcat uses them in parallel to crack thousands of hashes in less than a second. This powerful hash cracking tool is especially effective when you use it with a custom wordlist or a brute-force attack.
6. BetterCap
BetterCAP is one of the most powerful Kali Linux tools for performing various Man-In-The-Middle attacks. It can manipulate HTTP, HTTPS and TCP traffic in real time, sniff for credentials and much more. It can be called the enhanced version of the Ettercap tool, which is also a very popular tool for MITM attacks.
BetterCap is able to attack SSL/TLS, HSTS and even HSTS-preloaded sites. It uses SSLstrip+ and a DNS server (dns2proxy) to implement a partial HSTS bypass. The SSL/TLS connection is terminated at the attacker, while the downstream connection between the client and the attacker does not use SSL/TLS at all and remains in cleartext.
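The partial HSTS bypass above works against sites whose policy is not preloaded or does not cover every host. As an added example (not code from this article or from BetterCap), here is a small checker for the Strict-Transport-Security header a server sends; it assumes the preload requirements published by hstspreload.org (max-age of at least one year plus the includeSubDomains and preload directives), and the two sample headers are constructed.

```python
# Added example (not part of the original article or of BetterCap).
# Parses a Strict-Transport-Security header and lists policy weaknesses.
# Preload requirements (assumed from hstspreload.org): max-age >= 1 year,
# includeSubDomains and preload directives.
from typing import Dict, List, Optional

PRELOAD_MIN_AGE = 31536000  # one year in seconds


def parse_hsts(header: str) -> Dict[str, str]:
    """Split an HSTS header into {directive: value}; valueless ones map to ''."""
    directives = {}
    for part in header.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, value = part.partition("=")
        directives[name.strip().lower()] = value.strip().strip('"')
    return directives


def assess_hsts(header: Optional[str]) -> List[str]:
    """Return weaknesses; an empty list means the policy is preload-ready."""
    if not header:
        return ["no HSTS header: the first plain-HTTP request can be downgraded"]
    d = parse_hsts(header)
    issues = []
    try:
        max_age = int(d.get("max-age", "0"))
    except ValueError:
        max_age = 0
    if max_age < PRELOAD_MIN_AGE:
        issues.append(f"max-age {max_age} is below the preload minimum {PRELOAD_MIN_AGE}")
    if "includesubdomains" not in d:
        issues.append("includeSubDomains missing: subdomains are not covered")
    if "preload" not in d:
        issues.append("preload missing: browsers only learn the policy after a first HTTPS visit")
    return issues


# Constructed sample headers: a weak policy beside a preload-ready one.
WEAK_HEADER = "max-age=300"
STRONG_HEADER = "max-age=63072000; includeSubDomains; preload"
```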
5. THC Hydra
Hydra is a very popular password cracker. It is a fast and stable network login cracking tool that uses a dictionary or brute-force attack to try various username and password combinations against a login service. It can perform rapid dictionary attacks against more than 50 protocols, including Telnet, FTP, HTTP, HTTPS, SMB, several databases, and much more.
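The rapid dictionary attack described above leaves a distinctive trace in authentication logs: a burst of failed logins from one source address, often spread across several usernames. As an added example (not code from this article or from Hydra), here is a detector that runs over constructed sshd log lines; the syslog line format and the threshold and window values are assumptions.

```python
# Added example (not part of the original article or of Hydra): flag the rapid
# dictionary-attack pattern in constructed sshd log lines, i.e. many failed
# logins from one source IP within a short window. Format/thresholds assumed.
import re
from collections import defaultdict
from datetime import datetime
from typing import Dict, List, Tuple

# Constructed sample lines in the syslog format OpenSSH uses on Linux.
SAMPLE_LOG = """\
Mar  3 10:00:01 host sshd[2101]: Failed password for root from 203.0.113.5 port 50123 ssh2
Mar  3 10:00:02 host sshd[2102]: Failed password for invalid user admin from 203.0.113.5 port 50124 ssh2
Mar  3 10:00:02 host sshd[2103]: Failed password for invalid user test from 203.0.113.5 port 50125 ssh2
Mar  3 10:00:03 host sshd[2104]: Failed password for root from 203.0.113.5 port 50126 ssh2
Mar  3 10:00:04 host sshd[2105]: Failed password for invalid user guest from 203.0.113.5 port 50127 ssh2
Mar  3 10:30:00 host sshd[2107]: Failed password for alice from 198.51.100.7 port 40002 ssh2
"""
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def parse_failures(log: str, year: int = 2024) -> List[Tuple[datetime, str, str]]:
    """Extract (timestamp, user, source ip) from every failed-login line."""
    out = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            out.append((ts, m["user"], m["ip"]))
    return out

def detect_bruteforce(log: str, threshold: int = 5, window_s: int = 60) -> Dict[str, int]:
    """Return {ip: distinct usernames tried} for IPs with >= threshold failures
    inside any sliding window of window_s seconds."""
    by_ip = defaultdict(list)
    for ts, user, ip in parse_failures(log):
        by_ip[ip].append((ts, user))
    hits = {}
    for ip, events in by_ip.items():
        events.sort()
        for i in range(len(events)):
            j = i
            while j < len(events) and (events[j][0] - events[i][0]).total_seconds() <= window_s:
                j += 1
            if j - i >= threshold:
                hits[ip] = len({u for _, u in events[i:j]})
                break
    return hits
```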
4. Network Mapper (Nmap)
Network Mapper is a simple network scanner tool in Kali Linux. It allows you to scan a system or a whole network. Nmap can scan for open ports, running services and NetBIOS information, perform OS detection, and more. It uses various scanning techniques to evade IP filters and firewalls. Nmap is one of the most commonly used Kali Linux tools for attacking a system or a server. If you prefer a GUI, you can use Zenmap.
3. Aircrack-ng
Aircrack-ng is a suite of wireless hacking tools. It is an 802.11 WEP and WPA-PSK key cracking tool that can recover keys once sufficient data packets have been captured. It implements the standard FMS attack along with optimizations such as the KoreK attacks, as well as the PTW attack, to make the attacks more potent.
It focuses on different areas of WiFi security:
- Monitoring: Packet capture and export of data to text files for further processing by third-party tools.
- Attacking: Replay attacks, authentication, fake access points and others via packet injection.
- Testing: Checking WiFi cards and driver capabilities (capture and injection).
- Cracking: WEP and WPA PSK (WPA 1 and 2).
2. Wireshark
Wireshark is a very popular network analyzer among the Kali Linux tools and is widely used in network security auditing. It was formerly known as Ethereal. Wireshark uses display filters for general packet filtering, and it can be used to examine the details of traffic at a variety of levels, from connection-level information down to the bits that make up a single packet. Packet capture gives a network administrator information about individual packets such as transmit time, source, destination, protocol type and header data.
1. Metasploit Framework
Metasploit Framework is a tool for developing and executing exploit code against a remote target machine. The basic steps for exploiting a system using the Framework include:
- Choosing and configuring an exploit
- Optionally checking whether the intended target system is susceptible to the chosen exploit
- Choosing and configuring a payload (code that will be executed on the target system upon successful entry)
- Choosing the encoding technique so that the intrusion-prevention system (IPS) ignores the encoded payload
- Executing the exploit
This modular approach, which allows any exploit to be combined with any payload, is the major advantage of the Framework. It eases the work of attackers, exploit writers, and payload writers alike.