Kali Linux Tools for Hacking and Penetration Testing

Welcome back, my novice hackers!

Network Tools

  1. zmap – Open source network scanner that enables researchers to easily perform Internet-wide network studies.
  2. nmap – Free security scanner for network exploration & security audits.
  3. pig – GNU/Linux packet crafting tool.
  4. scanless – Utility for using websites to perform port scans on your behalf so as not to reveal your own IP.
  5. tcpdump/libpcap – Common packet analyzer that runs under the command line.
  6. Wireshark – Widely-used graphical, cross-platform network protocol analyzer.
  7. Network-Tools.com – Website offering an interface to numerous basic network utilities like ping, traceroute, whois, and more.
  8. netsniff-ng – Swiss army knife for network sniffing.
  9. Intercepter-NG – Multifunctional network toolkit.
  10. SPARTA – Graphical interface offering scriptable, configurable access to existing network infrastructure scanning and enumeration tools.
  11. dnschef – Highly configurable DNS proxy for pentesters.
  12. DNSDumpster – Online DNS recon and search service.
  13. CloudFail – Unmask server IP addresses hidden behind Cloudflare by searching old database records and detecting misconfigured DNS.
  14. dnsenum – Perl script that enumerates DNS information from a domain, attempts zone transfers, performs a brute force dictionary style attack, and then performs reverse look-ups on the results.
  15. dnsmap – Passive DNS network mapper.
  16. dnsrecon – DNS enumeration script.
  17. dnstracer – Determines where a given DNS server gets its information from, and follows the chain of DNS servers.
  18. passivedns-client – Library and query tool for querying several passive DNS providers.
  19. passivedns – Network sniffer that logs all DNS server replies for use in a passive DNS setup.
  20. Mass Scan – TCP port scanner, spews SYN packets asynchronously, scanning the entire Internet in under 5 minutes.
  21. Zarp – Network attack tool centered around the exploitation of local networks.
  22. mitmproxy – Interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
  23. Morpheus – Automated ettercap TCP/IP hacking tool.
  24. mallory – HTTP/HTTPS proxy over SSH.
  25. SSH MITM – Intercept SSH connections with a proxy; all plaintext passwords and sessions are logged to disk.
  26. Netzob – Reverse engineering, traffic generation and fuzzing of communication protocols.
  27. DET – Proof of concept to perform data exfiltration using either single or multiple channel(s) at the same time.
  28. pwnat – Punches holes in firewalls and NATs.
  29. dsniff – Collection of tools for network auditing and pentesting.
  30. tgcd – Simple Unix network utility to extend the accessibility of TCP/IP based network services beyond firewalls.
  31. smbmap – Handy SMB enumeration tool.
  32. scapy – Python-based interactive packet manipulation program & library.
  33. Dshell – Network forensic analysis framework.
  34. Debookee – Simple and powerful network traffic analyzer for macOS.
  35. Dripcap – Caffeinated packet analyzer.
  36. Printer Exploitation Toolkit (PRET) – Tool for printer security testing capable of IP and USB connectivity, fuzzing, and exploitation of PostScript, PJL, and PCL printer language features.
  37. Praeda – Automated multi-function printer data harvester for gathering usable data during security assessments.
  38. routersploit – Open source exploitation framework similar to Metasploit but dedicated to embedded devices.
  39. evilgrade – Modular framework to take advantage of poor upgrade implementations by injecting fake updates.
  40. XRay – Network (sub)domain discovery and reconnaissance automation tool.
  41. Ettercap – Comprehensive, mature suite for machine-in-the-middle attacks.
  42. BetterCAP – Modular, portable and easily extensible MITM framework.
  43. CrackMapExec – A Swiss army knife for pentesting networks.
  44. impacket – A collection of Python classes for working with network protocols.

Linux Operating Systems

  1. Kali – GNU/Linux distribution designed for digital forensics and penetration testing.
  2. ArchStrike – Arch GNU/Linux repository for security professionals and enthusiasts.
  3. BlackArch – Arch GNU/Linux-based distribution for penetration testers and security researchers.
  4. Network Security Toolkit (NST) – Fedora-based bootable live operating system designed to provide easy access to best-of-breed open source network security applications.
  5. Pentoo – Security-focused live CD based on Gentoo.
  6. BackBox – Ubuntu-based distribution for penetration tests and security assessments.
  7. Parrot – Distribution similar to Kali, with multiple architectures and 100s of hacking tools.
  8. Fedora Security Lab – Provides a safe test environment to work on security auditing, forensics, system rescue and teaching security testing methodologies.
  9. The Pentesters Framework – Distro organized around the Penetration Testing Execution Standard (PTES), providing a curated collection of utilities that eliminates often unused toolchains.
  10. AttifyOS – GNU/Linux distribution focused on tools useful during Internet of Things (IoT) security assessments.

Vulnerability Scanners

  1. Nexpose – Commercial vulnerability and risk management assessment engine that integrates with Metasploit, sold by Rapid7.
  2. Nessus – Commercial vulnerability management, configuration, and compliance assessment platform, sold by Tenable.
  3. OpenVAS – Free software implementation of the popular Nessus vulnerability assessment system.
  4. Vuls – Agentless vulnerability scanner for GNU/Linux and FreeBSD, written in Go.

Web Scanners

  1. Nikto – Noisy but fast black box web server and web application vulnerability scanner.
  2. Arachni – Scriptable framework for evaluating the security of web applications.
  3. w3af – Web application attack and audit framework.
  4. Wapiti – Black box web application vulnerability scanner with built-in fuzzer.
  5. SecApps – In-browser web application security testing suite.
  6. WebReaver – Commercial, graphical web application vulnerability scanner designed for macOS.
  7. WPScan – Black box WordPress vulnerability scanner.
  8. cms-explorer – Reveal the specific modules, plugins, components and themes that various websites powered by content management systems are running.
  9. joomscan – Joomla vulnerability scanner.
  10. ACSTIS – Automated client-side template injection (sandbox escape/bypass) detection for AngularJS.

Web Exploitation

  1. OWASP Zed Attack Proxy (ZAP) – Feature-rich, scriptable HTTP intercepting proxy and fuzzer for penetration testing web applications.
  2. Fiddler – Free cross-platform web debugging proxy with user-friendly companion tools.
  3. Burp Suite – Integrated platform for performing security testing of web applications.
  4. autochrome – Easy-to-install test browser with all the appropriate settings needed for web application testing with native Burp support, from NCCGroup.
  5. Browser Exploitation Framework (BeEF) – Command and control server for delivering exploits to commandeered Web browsers.
  6. Offensive Web Testing Framework (OWTF) – Python-based framework for pentesting Web applications based on the OWASP Testing Guide.
  7. WordPress Exploit Framework – Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems.
  8. WPSploit – Exploit WordPress-powered websites with Metasploit.
  9. SQLmap – Automatic SQL injection and database takeover tool.
  10. tplmap – Automatic server-side template injection and Web server takeover tool.
  11. weevely3 – Weaponized web shell.
  12. Wappalyzer – Wappalyzer uncovers the technologies used on websites.
  13. WhatWeb – Website fingerprinter.
  14. BlindElephant – Web application fingerprinter.
  15. wafw00f – Identifies and fingerprints Web Application Firewall (WAF) products.
  16. fimap – Find, prepare, audit, exploit and even Google automatically for LFI/RFI bugs.
  17. Kadabra – Automatic LFI exploiter and scanner.
  18. Kadimus – LFI scan and exploit tool.
  19. liffy – LFI exploitation tool.
  20. Commix – Automated all-in-one operating system command injection and exploitation tool.
  21. DVCS Ripper – Rip web accessible (distributed) version control systems: SVN/GIT/HG/BZR.
  22. GitTools – Automatically find and download Web-accessible .git repositories.
  23. sslstrip – Demonstration of the HTTPS stripping attacks.
  24. sslstrip2 – SSLStrip version to defeat HSTS.
  25. NoSQLmap – Automatic NoSQL injection and database takeover tool.
  26. VHostScan – A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages.
  27. FuzzDB – Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
  28. EyeWitness – Tool to take screenshots of websites, provide some server header info, and identify default credentials if possible.
  29. webscreenshot – A simple script to take screenshots of a list of websites.

Wireless Network Hacking Tools

  1. Aircrack-ng – Set of tools for auditing wireless networks.
  2. Kismet – Wireless network detector, sniffer, and IDS.
  3. Reaver – Brute force attack against WiFi Protected Setup.
  4. Wifite – Automated wireless attack tool.
  5. Fluxion – Suite of automated social engineering based WPA attacks.

File Format Analysis Tools

  1. Kaitai Struct – File formats and network protocols dissection language and web IDE, generating parsers in C++, C#, Java, JavaScript, Perl, PHP, Python, Ruby.
  2. Veles – Binary data visualization and analysis tool.
  3. Hachoir – Python library to view and edit a binary stream as tree of fields and tools for metadata extraction.

Defense Evasion Tools

  1. Veil – Generate metasploit payloads that bypass common anti-virus solutions.
  2. shellsploit – Generates custom shellcode, backdoors, injectors, optionally obfuscates every byte via encoders.
  3. Hyperion – Runtime encryptor for 32-bit portable executables (“PE .exes”).
  4. AntiVirus Evasion Tool (AVET) – Post-process exploits containing executable files targeted for Windows machines to avoid being recognized by antivirus software.
  5. peCloak.py – Automates the process of hiding a malicious Windows executable from antivirus (AV) detection.
  6. peCloakCapstone – Multi-platform fork of the peCloak.py automated malware antivirus evasion tool.
  7. UniByAv – Simple obfuscator that takes raw shellcode and generates Anti-Virus friendly executables by using a brute-forceable, 32-bit XOR key.

DDoS Tools

  1. LOIC – Open source network stress tool for Windows.
  2. JS LOIC – JavaScript in-browser version of LOIC.
  3. SlowLoris – DoS tool that uses low bandwidth on the attacking side.
  4. HOIC – Updated version of Low Orbit Ion Cannon, has ‘boosters’ to get around common countermeasures.
  5. T50 – Faster network stress tool.
  6. UFONet – Abuses OSI layer 7 HTTP to create/manage ‘zombies’ and to conduct different attacks using GET/POST, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc.

Social Engineering Tools

  1. Social Engineer Toolkit (SET) – Open source pentesting framework designed for social engineering featuring a number of custom attack vectors to make believable attacks quickly.
  2. King Phisher – Phishing campaign toolkit used for creating and managing multiple simultaneous phishing attacks with custom email and server content.
  3. Evilginx – MITM attack framework used for phishing credentials and session cookies from any Web service.
  4. wifiphisher – Automated phishing attacks against WiFi networks.
  5. Catphish – Tool for phishing and corporate espionage written in Ruby.
  6. Beelogger – Tool for generating keyloggers.

Anonymity Tools

  1. Tor – Free software and onion routed overlay network that helps you defend against traffic analysis.
  2. OnionScan – Tool for investigating the Dark Web by finding operational security issues introduced by Tor hidden service operators.
  3. I2P – The Invisible Internet Project.
  4. Nipe – Script to redirect all traffic from the machine to the Tor network.
  5. What Every Browser Knows About You – Comprehensive detection page to test your own Web browser’s configuration for privacy and identity leaks.

Physical Access Tools

  1. LAN Turtle – Covert “USB Ethernet Adapter” that provides remote access, network intelligence gathering, and MITM capabilities when installed in a local network.
  2. USB Rubber Ducky – Customizable keystroke injection attack platform masquerading as a USB thumbdrive.
  3. Poisontap – Siphons cookies, exposes internal (LAN-side) router and installs web backdoor on locked computers.
  4. WiFi Pineapple – Wireless auditing and penetration testing platform.
  5. Proxmark3 – RFID/NFC cloning, replay, and spoofing toolkit often used for analyzing and attacking proximity cards/readers, wireless keys/keyfobs, and more.

Side-channel Tools

  1. ChipWhisperer – Complete open-source toolchain for side-channel power analysis and glitching attacks.

Hex Editors

  1. HexEdit.js – Browser-based hex editing.
  2. Hexinator – World’s finest (proprietary, commercial) Hex Editor.
  3. Frhed – Binary file editor for Windows.
  4. 0xED – Native macOS hex editor that supports plug-ins to display custom data types.

Hash Cracking Tools

  1. John the Ripper – Fast password cracker.
  2. Hashcat – The faster hash cracker.
  3. CeWL – Generates custom wordlists by spidering a target’s website and collecting unique words.
  4. JWT Cracker – Simple HS256 JWT token brute force cracker.
  5. Rar Crack – RAR bruteforce cracker.
  6. BruteForce Wallet – Find the password of an encrypted wallet file (i.e. wallet.dat).

CTF Tools

  1. ctf-tools – Collection of setup scripts to install various security research tools easily and quickly deployable to new machines.
  2. Pwntools – Rapid exploit development framework built for use in CTFs.
  3. RsaCtf Tool – Decrypt data enciphered using weak RSA keys, and recover private keys from public keys using a variety of automated attacks.

---------Thank You For Giving Your Time---------
