Cybersecurity Tools
Using these tools for penetration testing and for offensive security comes with responsibilities. As a cyber security professional one has the responsibility of using these tools ethically. When using these tools for penetration testing or security assessments always obtain written consent of the system owners for the systems being tested or assessed.
| Tool Name | Tool Category | Summary of Tool Functionality | Use Cases / examples |
| Nmap | Information Gathering, Vulnerability Analysis | “Network Mapper” though not necessarily a pen-testing tool, it is a must-have for the ethical hackers. This is a very popular tool that predominantly aids in understanding the characteristics of any target network. The characteristics can include: host, services, OS, packet filters/firewalls etc. It works on most of the environments and is open sourced. | Start nmap tool from Applications->Information Gathering->Nmap. To scan a single ip: nmap 192.168.1.18 it will show ports that are open and mac address info. (or a range of ips like 192.168.1.0/24) To scan a site: nmap facebook.com it will show DNS info, ports open, |
| nikto | Vulnerability Analysis | Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6400 potentially dangerous files/CGIs, checks for outdated versions of over 1200 servers, and version specific problems on over 270 servers. | Can scan webservers for vulnerabilities e.g. to scan cybersecurityinc.net : Start nikto applicationnikto -host 199.34.228.71 |
| metasploit | Exploitation Tools | Metasploit is a framework of exploits, shellcodes, fuzzing tools, payloads,encoders etc. More over we can regard it as a collection of exploitation tools bundled into a single framework. It is avaliable in all major Linux, Windows, OS X platforms. It’s main objective is to test your/company’s/organization’s defences by attacking them. Something like “Offense for Defense”. This is actually where a penetration tester/Security Analyst begins attacking the victim after a huge recon. Metasploit has a wide range of tools & utilities to perform attacks agianst all operating systems including Android & iOS. | with this command db_nmap -v -sV you can collect info about the hosts on network. Collect info into postgress db and later import into armitage db_export -fmydb.xml |
| armitage | Exploitation Tools | Armitage is a graphical cyber attack management tool for Metasploit that visualizes your targets, recommends exploits, and exposes the advanced capabilities of the framework. Armitage aims to make Metasploit usable for security practitioners who understand hacking but don’t use Metasploit every day. If you want to learn Metasploit and grow into the advanced features, Armitage can help you. | Used with metasploit. This has a graphical interface. Can do the following: Scan host. After Scan is complete you can use the Attack -> Find Attack to get suggestions on what to exploit. |
| Wireshark | Sniffing & Spoofing | It can be used on web applications, networks, servers etc. It has a command-line and a GUI clickable interface, works on Linux, Apple Mac OS X and Microsoft Windows. This is a commercial product, although there might be free limited trials available. | Start wireshark from Applications->Sniffing & Spoofing->Wireshark or by typing wireshark on a terminal. Select Capture or double-click on network interface (eth0) to capture network traffic from your device |
| Sqlmap | Database Assesment | Sqlmap is a good open source pen testing tool. This tool is mainly used for detecting and exploiting SQL injection issues in an application and hacking over of database servers. It comes with command-line interface. Platform: Linux, Apple Mac OS X and Microsoft Windows are supported platforms. | |
| SET | Social Engineering Tools | SET (Social-Engineer Toolkit)SET is a unique tool in terms that the attacks are targeted at the human element than on the system element. It has features that let you send emails, java applets, etc containing the attack code. It goes without saying that this tool is to be used very carefully and only for ‘white-hat’ reasons. It has a command-line interface, works on Linux, Apple Mac OS X and Microsoft Windows. | |
| Hydra | Password Attacks | Hydra is a parallelized login cracker which supports numerous protocols to attack. It is very fast and flexible, and new modules are easy to add. This tool makes it possible for researchers and security consultants to show how easy it would be to gain unauthorized access to a system remotely. | |
| maltego | Information Gathering, Password Attacks, Exploitation Tools, Web Applications | Maltego is an amazing relationship analysis tool that can track who or what is connected to what or who. The software can explore links between people, social networks, organizations, web sites, Internet infrastructure, phrases and has tags on Twitter, affiliations and files and produces graphical network diagrams. | |
| OWASP ZAP | Web Applications, Sniffing & Spoofing | The OWASP Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing as well as being a useful addition to an experienced pen testers toolbox. | |
| John the Ripper | Password Attacks | John the Ripper is a Password Cracker tool. This tool works on most of the environments, although it’s primarily for UNIX systems. It is considered one of the fastest tools in this genre. Password hash code and strength-checking code are also made available to be integrated to your own software/code which I think is very unique. This tool comes in a pro and free form. | |
| Aircrack-ng | Wireless Attacks | Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like KoreK attacks, as well as the PTW attack, thus making the attack much faster compared to other WEP cracking tools. In fact, Aircrack-ng is a set of tools for auditing wireless networks. | May need an addition USB network card to use this tool in a virtualBox. |
Kali Tools by Type [1]
| Information Gathering | Vulnerability Analysis | Wireless Attacks | Web Applications | Sniffing & Spoofing | Password Attacks | Hardware Hacking |
| acccheck | BBQSQL | Aircrack-ng | apache-users | Burp Suite | acccheck | android-sdk |
| ace-voip | BED | Asleap | Arachni | DNSChef | Burp Suite | apktool |
| Amap | cisco-auditing-tool | Bluelog | BBQSQL | fiked | CeWL | Arduino |
| Automater | cisco-global-exploiter | BlueMaho | BlindElephant | hamster-sidejack | chntpw | dex2jar |
| bing-ip2hosts | cisco-ocs | Bluepot | Burp Suite | HexInject | cisco-auditing-tool | Sakis3G |
| braa | cisco-torch | BlueRanger | CutyCapt | iaxflood | CmosPwd | smali |
| CaseFile | copy-router-config | Bluesnarfer | DAVTest | inviteflood | creddump | |
| CDPSnarf | DBPwAudit | Bully | deblaze | iSMTP | crunch | Reverse Engineering |
| cisco-torch | Doona | coWPAtty | DIRB | isr-evilgrade | DBPwAudit | apktool |
| Cookie Cadger | DotDotPwn | crackle | DirBuster | mitmproxy | findmyhash | dex2jar |
| copy-router-config | Greenbone Security Assistant | eapmd5pass | fimap | ohrwurm | gpp-decrypt | diStorm3 |
| DMitry | GSD | Fern Wifi Cracker | FunkLoad | protos-sip | hash-identifier | edb-debugger |
| dnmap | HexorBase | Ghost Phisher | Grabber | rebind | HexorBase | jad |
| dnsenum | Inguma | GISKismet | jboss-autopwn | responder | THC-Hydra | javasnoop |
| dnsmap | jSQL | Gqrx | joomscan | rtpbreak | John the Ripper | JD-GUI |
| DNSRecon | Lynis | gr-scan | jSQL | rtpinsertsound | Johnny | OllyDbg |
| dnstracer | Nmap | hostapd-wpe | Maltego Teeth | rtpmixsound | keimpx | smali |
| dnswalk | ohrwurm | kalibrate-rtl | PadBuster | sctpscan | Maltego Teeth | Valgrind |
| DotDotPwn | openvas-administrator | KillerBee | Paros | SIPArmyKnife | Maskprocessor | YARA |
| enum4linux | openvas-cli | Kismet | Parsero | SIPp | multiforcer | |
| enumIAX | openvas-manager | mdk3 | plecost | SIPVicious | Ncrack | Reporting Tools |
| Fierce | openvas-scanner | mfcuk | Powerfuzzer | SniffJoke | oclgausscrack | CaseFile |
| Firewalk | Oscanner | mfoc | ProxyStrike | SSLsplit | PACK | CutyCapt |
| fragroute | Powerfuzzer | mfterm | Recon-ng | sslstrip | patator | dos2unix |
| fragrouter | sfuzz | Multimon-NG | Skipfish | THC-IPV6 | phrasendrescher | Dradis |
| Ghost Phisher | SidGuesser | PixieWPS | sqlmap | VoIPHopper | polenum | KeepNote |
| GoLismero | SIPArmyKnife | Reaver | Sqlninja | WebScarab | RainbowCrack | MagicTree |
| goofile | sqlmap | redfang | sqlsus | Wifi Honey | rcracki-mt | Metagoofil |
| hping3 | Sqlninja | RTLSDR Scanner | ua-tester | Wireshark | RSMangler | Nipper-ng |
| InTrace | sqlsus | Spooftooph | Uniscan | xspy | SQLdict | pipal |
| iSMTP | THC-IPV6 | Wifi Honey | Vega | Yersinia | Statsprocessor | |
| lbd | tnscmd10g | Wifitap | w3af | zaproxy | THC-pptp-bruter | |
| Maltego Teeth | unix-privesc-check | Wifite | WebScarab | TrueCrack | ||
| masscan | Yersinia | Webshag | WebScarab | |||
| Metagoofil | Forensics Tools | WebSlayer | wordlists | |||
| Miranda | Exploitation Tools | Binwalk | WebSploit | zaproxy | ||
| Nmap | Armitage | bulk-extractor | Wfuzz | |||
| ntop | Backdoor Factory | Capstone | WPScan | Maintaining Access | ||
| p0f | BeEF | chntpw | XSSer | CryptCat | ||
| Parsero | cisco-auditing-tool | Cuckoo | zaproxy | Cymothoa | ||
| Recon-ng | cisco-global-exploiter | dc3dd | dbd | |||
| SET | cisco-ocs | ddrescue | Stress Testing | dns2tcp | ||
| smtp-user-enum | cisco-torch | DFF | DHCPig | http-tunnel | ||
| snmp-check | Commix | diStorm3 | FunkLoad | HTTPTunnel | ||
| sslcaudit | crackle | Dumpzilla | iaxflood | Intersect | ||
| SSLsplit | exploitdb | extundelete | Inundator | Nishang | ||
| sslstrip | jboss-autopwn | Foremost | inviteflood | polenum | ||
| SSLyze | Linux Exploit Suggester | Galleta | ipv6-toolkit | PowerSploit | ||
| THC-IPV6 | Maltego Teeth | Guymager | mdk3 | pwnat | ||
| theHarvester | SET | iPhone Backup Analyzer | Reaver | RidEnum | ||
| TLSSLed | ShellNoob | p0f | rtpflood | sbd | ||
| twofi | sqlmap | pdf-parser | SlowHTTPTest | U3-Pwn | ||
| URLCrazy | THC-IPV6 | pdfid | t50 | Webshells | ||
| Wireshark | Yersinia | pdgmail | Termineter | Weevely | ||
| WOL-E | peepdf | THC-IPV6 | Winexe | |||
| Xplico | RegRipper | THC-SSL-DOS | ||||
| Volatility | ||||||
| Xplico |
[1] kali.org. (2018). Official Kali Linux Documentation. Retrieved from https://www.kali.org/kali-linux-documentation/