Kali Linux Tools Usage

awjunaid

💰 You can help me by donating

BuyMeACoffee


Table of Contents

Phishing

Information Gathering Tools

DNS Analysis

  • dnsenum: Multithreaded tool for DNS enumeration.
  • dnsmap: Subdomain brute-forcing tool.
  • dnsrecon: Perform DNS enumeration and zone transfers.
  • fierce: DNS reconnaissance tool for locating non-contiguous IP space.

IDS/IPS Identification

  • lbd: Load Balancer Detector for identifying load balancers.
  • wafw00f: Detect web application firewalls (WAFs).

Live Host Identification

  • arping: ARP-level ping to find live hosts on a network.
  • fping: High-performance ping sweep tool.
  • hping3: TCP/IP packet assembler for testing network security.
  • masscan: Mass IP scanner with fast scanning speed.
  • netcat: General-purpose network analysis and debugging tool.
  • thcping6: Ping IPv6 hosts using TCP.
  • unicornscan: Network reconnaissance and port scanner.

Network & Port Scanners

  • nmap: Network mapping and port scanning tool.

OSINT Analysis

  • maltego: Open-source intelligence and forensics platform.
  • spiderfoot: Automated OSINT tool for threat intelligence.

Route Analysis

  • netdiscover: Active/passive reconnaissance tool for networks.
  • netmask: Analyzes and manages IP subnets.

SMB Analysis

  • nbtscan: Scans for NetBIOS name information.
  • smbscan: Assesses SMB shares for security issues.

SMTP Analysis

  • smtp-user-enum: Enumerates valid SMTP users.
  • swaks: Swiss Army Knife for SMTP testing.

SNMP Analysis

  • onesixtyone: SNMP scanner for network devices.
  • snmp-check: Enumerates SNMP devices and data.

SSL Analysis

  • ssldump: Analyzes SSL connections.
  • sslh: Multiplexer for SSL and non-SSL connections.
  • sslscan: Tests SSL/TLS ciphers and vulnerabilities.
  • sslyze: Audits SSL/TLS configurations.

Additional Tools

  • amass: Subdomain enumeration tool.
  • dmitry: Deepmagic Information Gathering Tool.
  • ike-scan: Identifies VPN servers and devices using IKE.
  • recon-ng: OSINT framework for automated reconnaissance.

Vulnerability Analysis Tools

  • generic_chunked: Checks for vulnerabilities in chunked encoding.
  • voiphopper: Tests VLAN hopping in VoIP networks.
  • nikto: Web server vulnerability scanner.
  • nmap: Network scanning with vulnerability detection scripts.
  • unix-privesc-check: Identifies privilege escalation paths on Unix systems.

Web Application Analysis Tools

  • cutycapt: Captures web screenshots.
  • dirb: Scans directories and files on web servers.
  • dirbuster: Directory brute-forcing tool.
  • ffuf: Fuzzing web applications for vulnerabilities.
  • cadaver: WebDAV command-line client.
  • davtest: Tests WebDAV servers for vulnerabilities.
  • skipfish: Automated web application security scanner.
  • wapiti: Scans web applications for vulnerabilities.
  • whatweb: Identifies technologies used by websites.
  • wpscan: WordPress security scanner.
  • burpsuite: Comprehensive web vulnerability scanner.
  • commix: Automates exploitation of command injection.
  • webshells: Backdoor web shells for post-exploitation.
  • sqlmap: Automates detection and exploitation of SQL injection flaws.

Password Attacks Tools

Offline Attacks

  • chntpw: Resets Windows passwords.
  • hash-identifier: Identifies hash types.
  • hashcat: GPU-accelerated password cracker.
  • hashid: Identifies types of hash values.
  • john: Password cracking tool (John the Ripper).
  • ophcrack-cli: Cracks Windows passwords using LM/NT hashes.
  • samdump2: Extracts hashes from Windows SAM files.
  • truecrack: Cracks TrueCrypt containers.

Online Attacks

  • hydra: Parallelized network login cracker.
  • medusa: Fast network brute-forcing tool.
  • ncrack: High-speed network authentication cracker.
  • thc-pptp-bruter: Cracks PPTP VPN logins.

Passing The Hash Tools

  • crackmapexec: Post-exploitation and penetration testing tool.
  • evil-winrm: Remote administration tool for Windows.
  • mimikatz: Extracts credentials from memory.
  • smbmap: Enumerates and interacts with SMB shares.
  • xfreerdp: Exploits Remote Desktop Protocol (RDP).

Password Profiling & Wordlists

  • cewl: Generates wordlists from web content.
  • crunch: Creates custom wordlists.
  • rsmangler: Generates mutations of input wordlists.
  • wordlists: Pre-compiled lists of common passwords for attacks.

Wireless Attack Tools

  • bully: A tool for exploiting WPS vulnerabilities in Wi-Fi networks.
  • fern-wifi-cracker: A GUI tool for testing wireless network security, focusing on WPA/WPA2 cracking.
  • wash: A tool for discovering WPS-enabled routers to exploit.
  • spooftooph: Bluetooth hacking tool for sniffing, spoofing, and cracking Bluetooth devices.
  • aircrack-ng: A suite for monitoring, attacking, testing, and cracking Wi-Fi networks.
  • kismet: A wireless network detector, sniffer, and intrusion detection system.
  • pixiewps: A tool for exploiting weak WPS pins on routers using the Pixie Dust attack.
  • reaver: A tool for breaking WPS PINs and cracking WPA2 networks.
  • wifite: Automated tool for cracking WEP and WPA wireless networks using various attacks.

Reverse Engineering Tools

  • clang: A compiler that translates C/C++ code to machine code for debugging and reverse engineering.
  • clang++: A C++ compiler based on Clang, used for reverse engineering.
  • msf-nasm_shell: A Metasploit tool for writing and testing shellcode.
  • radare2: A framework for reverse engineering and analyzing binaries.

Exploitation Tools

  • crackmapexec: A tool for pentesters to automate exploitation of Windows networks.
  • metasploit-framework: A powerful framework for developing and executing exploit code.
  • msfpc: A Metasploit Payload Creator for creating reverse shells.
  • searchsploit: A command-line tool for searching Exploit-DB's public exploits.
  • setoolkit: A social engineering framework used for phishing, credential harvesting, and more.
  • sqlmap: An automated tool for detecting and exploiting SQL injection vulnerabilities.

Sniffing & Spoofing Tools

  • dnschef: A DNS proxy tool used for manipulating DNS queries.
  • dsniff: A collection of network tools for monitoring and spoofing network traffic.
  • netsniff-ng: A high-performance network analyzer and packet sniffer.
  • dns-rebind: A tool for DNS rebinding attacks to bypass security measures.
  • sslsplit: A tool for intercepting and decrypting SSL/TLS traffic.
  • tcpreplay: A tool to replay captured network traffic for testing purposes.
  • ettercap-pkexec: A man-in-the-middle attack tool that supports sniffing and spoofing.
  • macchanger: A tool for changing the MAC address of network interfaces.
  • minicom: A terminal emulation program for interacting with serial devices.
  • responder: A tool for poisoning name resolution protocols in local networks.
  • scapy: A Python-based tool for packet crafting and network exploration.
  • tcpdump: A packet capture tool for network traffic analysis.

Post Exploitation Tools

  • dbd: Database dump tool for extracting data after system compromise.
  • powersploit: A collection of PowerShell scripts used for post-exploitation tasks in Windows environments.
  • sbd: A tool for creating secure backdoors over DNS queries.
  • dns2tcpc: A tool for tunneling TCP traffic over DNS queries to bypass firewalls.
  • dns2tcpd: A server-side tool for handling DNS-based TCP tunneling.
  • exe2hex: Converts executable files into hex format for easy manipulation in memory.
  • iodine-client-start: A client for DNS tunneling that allows IP over DNS-based network communication.
  • miredo: A Teredo (IPv6 over IPv4) tunneling daemon for creating a VPN-like connection.
  • proxychains4: A tool for forcing network connections to go through proxy servers.
  • proxytunnel: A tool that tunnels HTTPS traffic through an HTTP proxy.
  • ptunnel: A tool to create a tunnel over ICMP for bypassing firewalls.
  • pwnat: A NAT traversal tool for reverse shells and remote control via NATed networks.
  • sslh: A protocol multiplexer that allows services like HTTPS, SSH, and OpenVPN to share the same port.
  • stunnel4: A tool for creating secure SSL/TLS tunnels to protect unencrypted services.
  • udptunnel: A tool for tunneling UDP traffic through a firewall.
  • laudanum: A covert channel tool for encrypting and tunneling data over a network.
  • weevely: A web shell for maintaining access and performing post-exploitation activities.
  • evil-winrm: A PowerShell-based remote management tool for exploiting Windows systems.

Forensics Tools

  • magicrescue: A tool for recovering files from damaged filesystems.
  • scalpel: A file carving tool for recovering files from disk images.
  • scrounge-ntfs: A tool for recovering deleted NTFS files.
  • guymager: A forensic imaging tool for creating disk images and performing hash verification.
  • pdf-parser: A tool for parsing and analyzing PDF files to extract data or metadata.
  • pdfid: A tool for identifying the structure and objects in PDF files.
  • autopsy: A digital forensics tool for analyzing hard drives and smartphones for evidence.
  • binwalk: A tool for analyzing and extracting data from firmware images.
  • bulk_extractor: A tool for extracting useful data from large data sets, such as disk images.
  • hashdeep: A tool for computing and verifying hash values of files in a directory.

Reporting Tools

  • cherrytree: A hierarchical note-taking application for organizing notes and information.
  • cutycapt: A tool for capturing screenshots of web pages and converting them to images.
  • pipal: A tool for analyzing password statistics from password dumps to assess password security.

Social Engineering Tools

  • msfpc: A Metasploit Payload Creator for social engineering attacks, creating reverse shells.
  • setoolkit: The Social-Engineer Toolkit for automating social engineering attacks like phishing and credential harvesting.