Open In App

Kali Linux Tools

Last Updated : 13 Dec, 2022
Like Article

Kali Linux is a Linux based operating system, mostly used in penetration testing. has recently released its new update with some extra functionalities. There are different types of tools that are present in Kali Linux to perform different operations. 

Types of tools in Kali Linux

1. Information Gathering:

These software or applications have a job of collecting and formatting the data in a form that could further be used. This is similar to cookies used by different websites or your browsing history used by Google to personalize every advertisement and providing the best services to you. Kali operating system provides these tools to the developer and penetration testing community to help in gathering and formulating captured data. Some of the tools are:

  • Nmap
  • Zenmap
  • Stealth scan
  • dmitry
  • maltego

Nmap is the most famous in these tools. Go to “Applications” then in “Information Gathering”, you will find these tools.

2. Vulnerability Analysis:

Vulnerability is a state or condition of being exposed to the possibility of being attacked or harmed in one or the other way. These tools are used to check a system or machine for any kind of flow and vulnerability available in them, which could lead to any security breach and data loss. These tools also help in fixing those vulnerability as identification make the user aware of the flow. For example: If windows release its new operating system, before providing it into the end-user they send for vulnerability analysis and fixes. Some of the tools:

  • Bed
  • Ohrwurm
  • Powerfuzzer
  • Sfuzz
  • Siparmyknife
  • nikto

All these tools are very common in the community. Go to “Applications” then in “Vulnerability Analysis”, you will find these tools.

3. Web Application Analysis:

Web Application is a dynamic response web page that helps in a better and interactive client-server relationship. These tools identify and access websites through the browser to check any bug or loophole present, which could lead any information or data to lose. For example, there is a website with a payment gateway then these web analyzers check if sufficient authentication and authorization present of the site. These web application uses:

  • SQL injections
  • Denial of service
  • URL manipulation

Some of the tools are:

  • Burpsuite
  • Httrack
  • Sqlmap
  • Vega
  • Webscarab
  • Wpscan
  • zap
  • skipfish

Burpsuite, vega, and web scarab are some most famous tools. Go to “Applications” then in “Web Application Analysis”, you will find these tools.

4. Database Assessment:

These applications are made to access the database and analyze it for different attacks and security issues. These assessment shows some opportunities for improvement and changes. They develop a report of the analysis done on the database system. They perform:

  • Configuration checking
  • Examining user account
  • Privilege and role grants
  • Authorization control
  • Key management
  • Data encryption

Some of the tools are:

  • Bbqsl
  • Jsql injection
  • Oscanner
  • Sqlmap
  • Sqlninja
  • Tmscmd10g

Sqlmap is the most famous database assessment tool. This tool injects SQL injection for scanning, detecting, and exploitation. Go to “Applications” then in “Database Assessment”, you will find these tools.

5. Password Attacks:

These are basically a collection of tools that could handle the wordlist or password list to be checked on any login credentials through different services and protocols. Some tools are wordlist collectors and some of them are the attacker. Some of the tools are:

  • Cewl
  • Crunch
  • Hashcat
  • John
  • Johnny
  • Medusa
  • ncrack

John the Ripper and Medusa are the most famous tools. Go to “Applications” then in “Password Attacks”, you will find these tools.

6. Wireless Attacks:

These tools are wireless security crackers, like breaking wifi – routers, working and manipulating access points. Wireless attacks are not limited to password cracking these are also used in information gathering and knowing behavior of victims over the internet. For example, the Victim is connected to a compromised access point or a fake access point then it can be used as a Man-in-The-Middle attack. Some of the tools are:

  • Aircrack-ng
  • Fern- wifi –cracker
  • Kismet
  • Ghost Phisher
  • wifite

Aircrack-ng and Ghost Phisher are the most famous tools. Go to “Applications” then in “Wireless Attacks”, you will find these tools.

7. Reverse Engineering:

Reverse Engineering is to break down the layers of the applications or software. This is used in creating cracks and patches for different software and services. These tools reach the source code of the application, understand its working and manipulate according to needs. For example, Reverse engineering tools are also used by High-End companies to know the logic and idea behind the software. Some of the tools are:

  • Apktools
  • Ollydbg
  • Flasm
  • nasm shell

Most famous tools are ollydbg and apltools. Go to “Application” then in “Reverse Engineering”, you will find these tools.

8. Exploitation Tools:

These tools are used to exploit different systems like personal computers and mobile phones. These tools can generate payloads for the vulnerable system and through those payloads information from the devices can be exploited. For example, the Victim’s system is compromised using payloads over internet or installing it if physically accessible. Some of the tools are:

  • Armitage
  • Metasploit
  • Searchsploit
  • Beef xss framework
  • termineter
  • Social engineering toolkit(root)

The most famous tool is Metasploit (there are courses to learn Metasploit alone). Go to “Applications” then in “Exploitation Tools”, you will find these tools.

9. Sniffing and Spoofing:

Secretly accessing any unauthorized data over network is sniffing. Hiding real identity and creating fake identity and use it for any illegal or unauthorized work is spoofing. IP spoofing and MAC spoofing are two famous and mostly used attacks. Some of the tools are:

  • Wireshark
  • Bettercap
  • Ettercap
  • Hamster
  • Driftnet
  • responder
  • macchanger

The most used tool is Wireshark. Go to “Applications” then in “Sniffing and Spoofing”, you will find these tools.

10. Post Exploitation:

These tools use back doors to get back to the vulnerable system i.e. to maintain access to the machine. As the name suggests these are useful or mostly used after an attack has previously been made on the victim’s machine. For example, After an attack victim removed the vulnerability from the system, in this situation if attacker wants to access data again, then these tools are helpful. Some of the tools are:

  • MSF
  • Veil –Pillage framework
  • Powersploit
  • Powershell empire

The most famous tool is Powersploit. Go to “Applications” then in “Post Exploitation Tools”, you will find these tools.

11. Forensics:

These tools are used by forensic specialist to recover information from any system or storage devices. This helps in collecting information during evidence searching for any cybercrime. Some of the tools are:

  • Autopsy
  • Binwalk
  • Galleta
  • Hashdeep
  • Volafox
  • Volatility

The most famous tool is Autopsy, it has also been used by security forces, many judicial and investigating officials. Go to “Applications” then in “Forensics”, you will find these tools.

12. Reporting Tools:

After all the assessment and vulnerability testing analysts have to report all those to the client in an organised and authenticated way. These tools develop statistics and information to help in analysing. Some of the tools are:

  • Dradis
  • Faraday IDE
  • Pipal
  • Magictree
  • metagoofil

Most famous tools are faraday, Dradis, and Pipal. Go to “Applications” then in “Reporting Tools”, you will find these tools.

13. Social Engineering:

As the name suggests these tools generate similar services that people use in daily life and extract personal information using those fake services. These tools use and manipulate human behavior for information gathering. For example, Phishing is one of the example of social engineering, in this, a similar looking home page of any social platform is created and then login details are compromised. Some of the tools are:

  • SET
  • Backdoor-f
  • U3-pwn
  • Ghost Phisher
  • msf payload creator
  • SET(social engineering toolkit)

The most famous social engineering tool is SET. Go to “Applications” then in “Social Engineering Tools”, you will find these tools.

Similar Reads

Kali-Whoami - Stay anonymous on Kali Linux
In today's life, we are surrounded by a lot of cyber security tools and we talk about our online anonymity, but are we really anonymous? A single mistake can reveal our anonymity, so here is a tool that can help us to make anonymity possible and it is called WHOAMI. It is very useful and has a very simple UI. Note: if you are a parrot user then you
3 min read
Gobuster - Penetration Testing Tools in Kali Tools
One of the primary steps in attacking an internet application is enumerating hidden directories and files. Doing so can often yield valuable information that makes it easier to execute a particular attack, leaving less room for errors and wasted time. There are many tools available to try to do this, but not all of them are created equally. Gobuste
10 min read
Kali Linux - Exploitation Tools
After Scanning, information Gathering, and finding a vulnerability comes the main concept of hacking which is Exploitation of the vulnerability. Vulnerability is not that effective if it can not be exploited or it could not cause harm to the application, So in order to get the impact of the vulnerability, we have to exploit also in many cases we ha
3 min read
Kali Linux - Information Gathering Tools
Information Gathering means gathering different kinds of information about the target. It is basically, the first step or the beginning stage of Ethical Hacking, where the penetration testers or hackers (both black hat or white hat) tries to gather all the information about the target, in order to use it for Hacking. To obtain more relevant results
5 min read
Kali Linux - Vulnerability Analysis Tools
Vulnerability Analysis is one of the most important phases of Hacking. It is done after Information Gathering and is one of the crucial steps to be done while designing an application. The cyber-world is filled with a lot of vulnerabilities which are the loopholes in a program through which hacker executes an attack. These vulnerabilities act as an
4 min read
Kali Linux - Web Penetration Testing Tools
By 2016, there were around 3424971237+ internet users over the world. Being a hub of many users, there comes a responsibility of taking care of the security of these many users. Most of the Internet is the collection of websites or web applications. So in order to prevent these web applications, there is a need of testing them again payloads and ma
5 min read
Top 10 Kali Linux Tools For Hacking
Kali Linux is a Debian-derived Linux distribution that is maintained by Offensive Security. It was developed by Mati Aharoni and Devon Kearns. Kali Linux is a specially designed OS for network analysts, Penetration testers, or in simple words, it is for those who work under the umbrella of cybersecurity and analysis. The official website of Kali Li
7 min read
Kali Linux - Wireless Attack Tools
Many of us think that hacking wifi is like breaking a plastic lock with an iron hammer and it is so with the following mentioned tools. Hacking wireless networks are just a beginning part of moving from defensive to offensive security. Hacking wifi includes capturing a handshake of a connection and cracking the hashed password using various attacks
4 min read
Kali Linux - Forensics Tools
Today when we are surrounded by a lot of ransomware, malware, and digital viruses to spy and invade our policy, there is a great need to learn how to prevent ourselves from them. When it comes to malicious, encrypted, secure, or any other file forensics tools helps us to analyze them and makes our path to the attacker more clear or even sometimes g
3 min read
Hacking Tools for Penetration Testing - Fsociety in Kali Linux
Fsociety is a free and open-source tool available on GitHub which is used as an information-gathering tool. Fsociety is used to scanning websites for information gathering and finding vulnerabilities in websites and web apps. Fsociety is one of the easiest and useful tools for performing reconnaissance on websites and web apps. The Fsociety tool is
4 min read