Reviewing Kali Tools

Information Gathering

ace-voip
Amap
APT2
arp-scan
Automater
bing-ip2hosts
braa
CaseFile
CDPSnarf
cisco-torch
copy-router-config
DMitry
dnmap
dnsenum
dnsmap
DNSRecon
dnstracer
dnswalk
DotDotPwn
enum4linux
1. A combination of the Samba tools: smbclient, rpclient, net, and nmblookup used for enumeration [Link].
enumIAX
EyeWitness
1. Automates taking screenshots of websites and provide server headers [Link].
Faraday
Fierce
Firewalk
fragroute
fragrouter
Ghost Phisher
GoLismero
goofile
hping3
ident-user-enum
InSpy
InTrace
iSMTP
lbd
Maltego Teeth
masscan
1. mass SYN stealth scanner, much wilder than Nmap in ways [Link].
Metagoofil
Miranda
nbtscan-unixwiz
Nikto
1. Webserver scanner for vulnerabilities [Link].
Nmap
1. Powerful Scanner [Link].
ntop
OSRFramework
p0f
Parsero
Recon-ng
1. It is a web reconnaissance framework designed exclusively for web-based open source [Link].
SET
1. Social Engineering Toolkit is an open-source penetration testing framework with a big number of custom attack vectors [Link].
SMBMap
1. It allows users to enumerate samba share drives across an entire domain [Link].
smtp-user-enum
snmp-check
SPARTA
sslcaudit
SSLsplit
sslstrip
SSLyze
Sublist3r
1. Tool designed to enumerate subdomains of websites using OSINT [Link].
THC-IPV6
theHarvester
TLSSLed
twofi
Unicornscan
URLCrazy
Wireshark
WOL-E
Xplico

Vulnerability Analysis

BBQSQL
BED
cisco-auditing-tool
cisco-global-exploiter
cisco-ocs
cisco-torch
copy-router-config
Doona
DotDotPwn
HexorBase
jSQL Injection
Lynis
1. An auditing tool for Unix-based systems. It scans the system by performing many security control checks [Link].
Nmap
1. Storage of scripts that use NMAP to analyze networks and their devices. See also Nmap Scripting Engine [Link].
ohrwurm
openvas
1. A framework of several services and tools offering vulnerability scanning and vulnerability management [Link].
Oscanner
Powerfuzzer
sfuzz
SidGuesser
SIPArmyKnife
sqlmap
1. automates the process of detecting and exploiting SQL injection flaws and taking over database servers [Link].
Sqlninja
1. a SQL injection tool that exploits web applications that use a SQL server as a database server [Link].
sqlsus
1. another open-source SQL injection tool and is basically a MySQL injection and takeover tool [Link].
THC-IPV6
tnscmd10g
unix-privesc-check
Yersinia
1. A DHCP Starvation attacking tool. One attached can make the DHCP server inoperative and act as the DHCP server of the network, usually assigning itself as the DNS server and directing the users to malicious websites among many other network protocol attacks [Link].

Exploitation Tools

Armitage
1. Graphic interface for MSF [Link].
Backdoor Factory
BeEF
1. It is classified as a penetration testing tool that focuses on the web browser but in fact, it is a very malicious tool that can be used to exploit web vulnerabilities. The phishing features are incredible and mimic GMail or Facebook login pages for example [Link].
cisco-auditing-tool
cisco-global-exploiter
cisco-ocs
cisco-torch
Commix
crackle
exploitdb
jboss-autopwn
Linux Exploit Suggester
Maltego Teeth
Metasploit Framework
1. Metasploit, or MSF for short, is the most popular Pentest Framework [Documentation].
MSFPC
RouterSploit
SET
1. Social Engineering Toolkit is an open-source penetration testing framework with a big number of custom attack vectors [Link].
ShellNoob
sqlmap
1. automates the process of detecting and exploiting SQL injection flaws and taking over database servers [Link].
THC-IPV6
Yersinia
1. A DHCP Starvation attacking tool. One attached can make the DHCP server inoperative and act as the DHCP server of the network, usually assigning itself as the DNS server and directing the users to malicious websites [Link].

Wireless Attacks

Airbase-ng
Aircrack-ng
1. an 802.11 WEP and WPA-PSK keys cracking program that can recover keys from captured packets.
Airdecap-ng and Airdecloak-ng
Aireplay-ng
1. used to inject wireless frames, generating traffic for later cracking WEP and WPA-PSK keys. It also deauthenticates wireless clients for the purpose of capturing WPA 4-way handshake.
airgraph-ng
Airmon-ng
1. enable and disable monitor mode on wireless interfaces.
Airodump-ng
1. used for packet capturing of raw 802.11 frames. It can collect WEP IVs and WPA2 4-way handshakes.
airodump-ng-oui-update
Airolib-ng
Airserv-ng
Airtun-ng
Asleap
Besside-ng
Bluelog
BlueMaho
Bluepot
BlueRanger
Bluesnarfer
Bully
coWPAtty
crackle
eapmd5pass
Easside-ng
Fern Wifi Cracker
FreeRADIUS-WPE
Ghost Phisher
GISKismet
Gqrx
gr-scan
hostapd-wpe
ivstools
kalibrate-rtl
KillerBee
Kismet
makeivs-ng
mdk3
1. exploits common wifi weaknesses, such as brute-force to reveal hidden SSID, beacon flood, authentication DoS, WPA downgrade, cancel all traffic continuously, and more.
mfcuk
mfoc
mfterm
Multimon-NG
Packetforge-ng
PixieWPS
Pyrit
Reaver
redfang
RTLSDR Scanner
Spooftooph
Tkiptun-ng
Wesside-ng
Wifi Honey
wifiphisher
Wifitap
Wifite
wpaclean

Forensics Tools

Binwalk
bulk-extractor
Capstone
chntpw
Cuckoo
dc3dd
ddrescue
DFF
diStorm3
Dumpzilla
extundelete
Foremost
1. A forensics tool to recover files based on headers and footers from disk or image file [Link].
Galleta
Guymager
iPhone Backup Analyzer
p0f
pdf-parser
pdfid
pdgmail
peepdf
RegRipper
Volatility
Xplico

Web Applications

apache-users
Arachni
BBQSQL
BlindElephant
Burp Suite
1. Burp Suite is a scanner and analyzer for vulnerabilities. It uses a proxy, and as a man-in-the-middle edits and repeats requests, decodes data, and more to the traffic [Link]. FoxyProxy is an add-on that automates setting up the proxy on and off on the browser [Link].
CutyCapt
DAVTest
deblaze
DIRB
DirBuster
1. Multi-threaded Java application designed to brute force directories and file names on web/application servers [Link].
fimap
FunkLoad
Gobuster
1. a tool to brute-force and discover directories, files, and subdomains [Link].
Grabber
1. spider/crawler canner and test for SQLi (SQL Injection) and XXS (Cross-Site Scripting).
hURL
jboss-autopwn
joomscan
jSQL Injection
Maltego Teeth
Nikto
1. Webserver scanner for vulnerabilities [Link].
PadBuster
Paros
Parsero
plecost
Powerfuzzer
ProxyStrike
Recon-ng
1. It is a web reconnaissance framework designed exclusively for web-based open source [Link].
Skipfish
1. a web site spider/crawler that can also test for various vulnerable parameters and configurations.
sqlmap
1. automates the process of detecting and exploiting SQL injection flaws and taking over database servers [Link].
Sqlninja
1. a SQL injection tool that exploits web applications that use a SQL server as a database server [Link].
sqlsus
1. another open-source SQL injection tool and is basically a MySQL injection and takeover tool [Link].
ua-tester
Uniscan
w3af
WebScarab
Webshag
WebSlayer
WebSploit
Wfuzz
1. Another fuzzing tool for testing web applications [Link].
WhatWeb
1. Gets the fingerprint of the website. It recognizes web technologies blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, embedded devices, and more [Link].
WPScan
1. WordPress security scanner [Link].
XSSer
1. an automatic framework to detect, exploit and report XSS vulnerabilities in web-based applications.
zaproxy
1. The OWASP Zed Attack Proxy (ZAP) is an easy-to-use integrated penetration testing tool for finding vulnerabilities in web applications [Link].

Stress Testing

DHCPig
FunkLoad
iaxflood
Inundator
inviteflood
ipv6-toolkit
mdk3
1. exploits common wifi weaknesses, such as brute-force to reveal hidden SSID, beacon flood, authentication DoS, WPA downgrade, cancel all traffic continuously, and more.
Reaver
rtpflood
SlowHTTPTest
t50
Termineter
THC-IPV6
THC-SSL-DOS

Sniffing & Spoofing

bettercap
1. Alternative to Ettercap, with additional features such as WIFI [Link].
Burp Suite
1. Burp Suite is a scanner and analyzer for vulnerabilities. It uses a proxy, and as a man-in-the-middle edits and repeats requests, decodes data, and more to the traffic [Link]. FoxyProxy is an add-on that automates setting up the proxy on and off on the browser [Link].
DNSChef
fiked
hamster-sidejack
HexInject
iaxflood
inviteflood
iSMTP
isr-evilgrade
mitmproxy
ohrwurm
protos-sip
rebind
responder
1. It comes embedded in Kali and poisons the Windows network with an automatic responder for any broadcast request saying ‘that is me!’ and immediately ask for the hash of the credentials. This type of attack is known as LLMNR/NBT-NS/DNS/MDNS [Link].
rtpbreak
rtpinsertsound
rtpmixsound
sctpscan
SIPArmyKnife
SIPp
SIPVicious
SniffJoke
SSLsplit
sslstrip
THC-IPV6
VoIPHopper
WebScarab
Wifi Honey
Wireshark
xspy
Yersinia
1. A DHCP Starvation attacking tool. One attached can make the DHCP server inoperative and act as the DHCP server of the network, usually assigning itself as the DNS server and directing the users to malicious websites among many other network protocol attacks [Link].
zaproxy
1. The OWASP Zed Attack Proxy (ZAP) is an easy-to-use integrated penetration testing tool for finding vulnerabilities in web applications [Link].

Password Attacks

BruteSpray
Burp Suite
1. Burp Suite is a scanner and analyzer for vulnerabilities. It uses a proxy, and as a man-in-the-middle edits and repeats requests, decodes data, and more to the traffic [Link]. FoxyProxy is an add-on that automates setting up the proxy on and off on the browser [Link].
CeWL
chntpw
cisco-auditing-tool
CmosPwd
creddump
crowbar
crunch
findmyhash
gpp-decrypt
1. This tool decrypts and extracts the password from the GPP (Group Policy Preferences) file.
hash-identifier
1. Identifys what type of hash is based on a sample.
Hashcat
1. Smart brute force password cracker but also used as a “password recovery tool”. It supports hashing algorithms like LM, MD4, MD5, SHA-family, Unix Crypt, MySQL, Cisco PIX, and more [Link].
HexorBase
THC-Hydra
1. A brute-force login cracker that supports numerous protocols: HTTP, FTP, SSH… [Link]
John the Ripper
1. Brute force password hash decrypts [Link].
Johnny
keimpx
Maltego Teeth
Maskprocessor
multiforcer
Ncrack
1. Ncrack is a high-speed network authentication cracking tool developed by the nmap team [Link].
oclgausscrack
ophcrack
PACK
patator
phrasendrescher
polenum
RainbowCrack
rcracki-mt
RSMangler
SecLists
1. A collection of multiple types of lists (passwords list for example) used during security assessments, collected in one place [Link].
SQLdict
Statsprocessor
THC-pptp-bruter
TrueCrack
WebScarab
wordlists
zaproxy
1. The OWASP Zed Attack Proxy (ZAP) is an easy-to-use integrated penetration testing tool for finding vulnerabilities in web applications [Link].

Maintaining Access

CryptCat
Cymothoa
dbd
dns2tcp
HTTPTunnel
Intersect
Nishang
polenum
PowerSploit
1. A collection of PowerShell scripts that can be used in post-exploitation with Evil-WinRM [Link].
pwnat
RidEnum
sbd
shellter
U3-Pwn
Webshells
Weevely
Winexe

Hardware Hacking

android-sdk
apktool
1. It is a reverse engineering tool that decompiles Android APK files [Link].
Arduino
dex2jar
Sakis3G
smali

Reverse Engineering

apktool
1. It is a reverse engineering tool that decompiles Android APK files [Link].
dex2jar
diStorm3
edb-debugger
jad
1. Just another Java decompiler [Link]. See also the Dex2Jar [Link] and JADX [Link].
javasnoop
JD-GUI
OllyDbg
smali
Valgrind
YARA

Reporting Tools

New Release Tools on Kali 2021.1

Airgeddon
1. Audit wireless networks.
AltDNS
1. Generates permutations, alterations, and mutations of subdomains and then resolve them.
Arjun
1. HTTP parameter discovery suite.
Chisel
1. A fast TCP/UDP tunnel over HTTP.
DNSGen
1. Generates a combination of domain names from the provided input.
DumpsterDiver
1. Search secrets in various file types.
GetAllUrls
1. Fetch known URLs from AlienVault’s Open Threat Exchange, the Wayback Machine, and Common Crawl.
GitLeaks
1. Searches Git repo’s history for secrets and keys.
HTTProbe
1. Take a list of domains and probe for working HTTP and HTTPS servers.
MassDNS
1. A high-performance DNS stub resolver for bulk lookups and reconnaissance [Link].
PSKracker
1. WPA/WPS toolkit for generating default keys/pins.
WordlistRaider
1. Preparing existing wordlists.

New Release Tools on Kali 2022.1

New Release Tools on Kali 2023.1

The list of tools was taken from Kali’s official website [Link] but any comment or observation is personal and may not reflect the truth.

DFT Wiki