DFT Wiki

Categories

• Information Gathering
• Vulnerability Analysis
• Exploitation Tools
• Wireless Attacks
• Forensics Tools
• Web Applications
• Stress Testing
• Sniffing & Spoofing
• Password Attacks
• Maintaining Access
• Hardware Hacking
• Reverse Engineering
• Reporting Tools
• New Release Tools on Kali 2021.1

---

Information Gathering

• ace-voip
• Amap
• APT2
• arp-scan
  • uses the ARP protocol to discover and fingerprint IP hosts on the network layer 2 segment [Link].
• Automater
• bing-ip2hosts
• braa
• CaseFile
• CDPSnarf
• cisco-torch
• copy-router-config
• DMitry
• dnmap
• dnsenum
• dnsmap
• DNSRecon
• dnstracer
• dnswalk
• DotDotPwn
• enum4linux
  • A combination of the Samba tools: smbclient, rpclient, net, and nmblookup used for enumeration [Link].
• enumIAX
• EyeWitness
  • Automates taking screenshots of websites and provide server headers [Link].
• Faraday
• Fierce
• Firewalk
• fragroute
• fragrouter
• Ghost Phisher
• GoLismero
• goofile
• hping3
• ident-user-enum
• InSpy
• InTrace
• iSMTP
• lbd
• Maltego Teeth
• masscan
  • mass SYN stealth scanner, much wilder than Nmap in ways [Link].
• Metagoofil
• Miranda
• nbtscan-unixwiz
• Nikto
  • Webserver scanner for vulnerabilities [Link].
• Nmap
  • Powerful Scanner [Link].
• ntop
• OSRFramework
• p0f
• Parsero
• Recon-ng
  • It is a web reconnaissance framework designed exclusively for web-based open source [Link].
• SET
  • Social Engineering Toolkit is an open-source penetration testing framework with a big number of custom attack vectors [Link].
• SMBMap
  • It allows users to enumerate samba share drives across an entire domain [Link].
• smtp-user-enum
• snmp-check
• SPARTA
• sslcaudit
• SSLsplit
• sslstrip
• SSLyze
• Sublist3r
  • Tool designed to enumerate subdomains of websites using OSINT [Link].
• THC-IPV6
• theHarvester
• TLSSLed
• twofi
• Unicornscan
• URLCrazy
• Wireshark
• WOL-E
• Xplico

Vulnerability Analysis

• BBQSQL
• BED
• cisco-auditing-tool
• cisco-global-exploiter
• cisco-ocs
• cisco-torch
• copy-router-config
• Doona
• DotDotPwn
• HexorBase
• jSQL Injection
• Lynis
  • An auditing tool for Unix-based systems. It scans the system by performing many security control checks [Link].
• Nmap
  • Storage of scripts that use NMAP to analyze networks and their devices. See also Nmap Scripting Engine [Link].
• ohrwurm
• openvas
  • A framework of several services and tools offering vulnerability scanning and vulnerability management [Link].
• Oscanner
• Powerfuzzer
• sfuzz
• SidGuesser
• SIPArmyKnife
• sqlmap
  • automates the process of detecting and exploiting SQL injection flaws and taking over database servers [Link].
• Sqlninja
  • a SQL injection tool that exploits web applications that use a SQL server as a database server [Link].
• sqlsus
  • another open-source SQL injection tool and is basically a MySQL injection and takeover tool [Link].
• THC-IPV6
• tnscmd10g
• unix-privesc-check
• Yersinia
  • A DHCP Starvation attacking tool. One attached can make the DHCP server inoperative and act as the DHCP server of the network, usually assigning itself as the DNS server and directing the users to malicious websites among many other network protocol attacks [Link].

Exploitation Tools

• Armitage
  • Graphic interface for MSF [Link].
• Backdoor Factory
• BeEF
  • It is classified as a penetration testing tool that focuses on the web browser but in fact, it is a very malicious tool that can be used to exploit web vulnerabilities. The phishing features are incredible and mimic GMail or Facebook login pages for example [Link].
• cisco-auditing-tool
• cisco-global-exploiter
• cisco-ocs
• cisco-torch
• Commix
• crackle
• exploitdb
  • A local copy (archive) of publicly known exploits [Link].
• jboss-autopwn
• Linux Exploit Suggester
• Maltego Teeth
• Metasploit Framework
  • Metasploit, or MSF for short, is the most popular Pentest Framework [Documentation].
• MSFPC
• RouterSploit
• SET
  • Social Engineering Toolkit is an open-source penetration testing framework with a big number of custom attack vectors [Link].
• ShellNoob
• sqlmap
  • automates the process of detecting and exploiting SQL injection flaws and taking over database servers [Link].
• THC-IPV6
• Yersinia
  • A DHCP Starvation attacking tool. One attached can make the DHCP server inoperative and act as the DHCP server of the network, usually assigning itself as the DNS server and directing the users to malicious websites [Link].

Wireless Attacks

• Airbase-ng
• Aircrack-ng
  • an 802.11 WEP and WPA-PSK keys cracking program that can recover keys from captured packets.
• Airdecap-ng and Airdecloak-ng
• Aireplay-ng
  • used to inject wireless frames, generating traffic for later cracking WEP and WPA-PSK keys. It also deauthenticates wireless clients for the purpose of capturing WPA 4-way handshake.
• airgraph-ng
• Airmon-ng
  • enable and disable monitor mode on wireless interfaces.
• Airodump-ng
  • used for packet capturing of raw 802.11 frames. It can collect WEP IVs and WPA2 4-way handshakes.
• airodump-ng-oui-update
• Airolib-ng
• Airserv-ng
• Airtun-ng
• Asleap
• Besside-ng
• Bluelog
• BlueMaho
• Bluepot
• BlueRanger
• Bluesnarfer
• Bully
• coWPAtty
• crackle
• eapmd5pass
• Easside-ng
• Fern Wifi Cracker
• FreeRADIUS-WPE
• Ghost Phisher
• GISKismet
• Gqrx
• gr-scan
• hostapd-wpe
• ivstools
• kalibrate-rtl
• KillerBee
• Kismet
• makeivs-ng
• mdk3
  • exploits common wifi weaknesses, such as brute-force to reveal hidden SSID, beacon flood, authentication DoS, WPA downgrade, cancel all traffic continuously, and more.
• mfcuk
• mfoc
• mfterm
• Multimon-NG
• Packetforge-ng
• PixieWPS
• Pyrit
• Reaver
• redfang
• RTLSDR Scanner
• Spooftooph
• Tkiptun-ng
• Wesside-ng
• Wifi Honey
• wifiphisher
• Wifitap
• Wifite
• wpaclean

Forensics Tools

• Binwalk
  • A tool for analyzing, reverse engineering, and extracting firmware images [Link].
• bulk-extractor
• Capstone
• chntpw
• Cuckoo
• dc3dd
• ddrescue
  • A recovery tool for corrupted data from drives with damaged sectors and blocks [Link].
• DFF
• diStorm3
• Dumpzilla
• extundelete
• Foremost
  • A forensics tool to recover files based on headers and footers from disk or image file [Link].
• Galleta
• Guymager
• iPhone Backup Analyzer
• p0f
• pdf-parser
• pdfid
• pdgmail
• peepdf
• RegRipper
• Volatility
• Xplico

Web Applications

• apache-users
• Arachni
• BBQSQL
• BlindElephant
• Burp Suite
  • Burp Suite is a scanner and analyzer for vulnerabilities. It uses a proxy, and as a man-in-the-middle edits and repeats requests, decodes data, and more to the traffic [Link]. FoxyProxy is an add-on that automates setting up the proxy on and off on the browser [Link].
• CutyCapt
• DAVTest
• deblaze
• DIRB
• DirBuster
  • Multi-threaded Java application designed to brute force directories and file names on web/application servers [Link].
• fimap
• FunkLoad
• Gobuster
  • a tool to brute-force and discover directories, files, and subdomains [Link].
• Grabber
  • spider/crawler canner and test for SQLi (SQL Injection) and XXS (Cross-Site Scripting).
• hURL
• jboss-autopwn
• joomscan
• jSQL Injection
• Maltego Teeth
• Nikto
  • Webserver scanner for vulnerabilities [Link].
• PadBuster
• Paros
• Parsero
• plecost
• Powerfuzzer
• ProxyStrike
• Recon-ng
  • It is a web reconnaissance framework designed exclusively for web-based open source [Link].
• Skipfish
  • a web site spider/crawler that can also test for various vulnerable parameters and configurations.
• sqlmap
  • automates the process of detecting and exploiting SQL injection flaws and taking over database servers [Link].
• Sqlninja
  • a SQL injection tool that exploits web applications that use a SQL server as a database server [Link].
• sqlsus
  • another open-source SQL injection tool and is basically a MySQL injection and takeover tool [Link].
• ua-tester
• Uniscan
• w3af
• WebScarab
• Webshag
• WebSlayer
• WebSploit
• Wfuzz
  • Another fuzzing tool for testing web applications [Link].
• WhatWeb
  • Gets the fingerprint of the website. It recognizes web technologies blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, embedded devices, and more [Link].
• WPScan
  • WordPress security scanner [Link].
• XSSer
  • an automatic framework to detect, exploit and report XSS vulnerabilities in web-based applications.
• zaproxy
  • The OWASP Zed Attack Proxy (ZAP) is an easy-to-use integrated penetration testing tool for finding vulnerabilities in web applications [Link].

Stress Testing

• DHCPig
• FunkLoad
• iaxflood
• Inundator
• inviteflood
• ipv6-toolkit
• mdk3
  • exploits common wifi weaknesses, such as brute-force to reveal hidden SSID, beacon flood, authentication DoS, WPA downgrade, cancel all traffic continuously, and more.
• Reaver
• rtpflood
• SlowHTTPTest
• t50
• Termineter
• THC-IPV6
• THC-SSL-DOS

Sniffing & Spoofing

• bettercap
  • Alternative to Ettercap, with additional features such as WIFI [Link].
• Burp Suite
  • Burp Suite is a scanner and analyzer for vulnerabilities. It uses a proxy, and as a man-in-the-middle edits and repeats requests, decodes data, and more to the traffic [Link]. FoxyProxy is an add-on that automates setting up the proxy on and off on the browser [Link].
• DNSChef
• fiked
• hamster-sidejack
• HexInject
• iaxflood
• inviteflood
• iSMTP
• isr-evilgrade
• mitmproxy
• ohrwurm
• protos-sip
• rebind
• responder
  • It comes embedded in Kali and poisons the Windows network with an automatic responder for any broadcast request saying ‘that is me!’ and immediately ask for the hash of the credentials. This type of attack is known as LLMNR/NBT-NS/DNS/MDNS [Link].
• rtpbreak
• rtpinsertsound
• rtpmixsound
• sctpscan
• SIPArmyKnife
• SIPp
• SIPVicious
• SniffJoke
• SSLsplit
• sslstrip
• THC-IPV6
• VoIPHopper
• WebScarab
• Wifi Honey
• Wireshark
  • The Swiss army knife of packet sniffer [Link].
• xspy
• Yersinia
  • A DHCP Starvation attacking tool. One attached can make the DHCP server inoperative and act as the DHCP server of the network, usually assigning itself as the DNS server and directing the users to malicious websites among many other network protocol attacks [Link].
• zaproxy
  • The OWASP Zed Attack Proxy (ZAP) is an easy-to-use integrated penetration testing tool for finding vulnerabilities in web applications [Link].

Password Attacks

• BruteSpray
• Burp Suite
  • Burp Suite is a scanner and analyzer for vulnerabilities. It uses a proxy, and as a man-in-the-middle edits and repeats requests, decodes data, and more to the traffic [Link]. FoxyProxy is an add-on that automates setting up the proxy on and off on the browser [Link].
• CeWL
• chntpw
• cisco-auditing-tool
• CmosPwd
• creddump
• crowbar
• crunch
• findmyhash
• gpp-decrypt
  • This tool decrypts and extracts the password from the GPP (Group Policy Preferences) file.
• hash-identifier
  • Identifys what type of hash is based on a sample.
• Hashcat
  • Smart brute force password cracker but also used as a “password recovery tool”. It supports hashing algorithms like LM, MD4, MD5, SHA-family, Unix Crypt, MySQL, Cisco PIX, and more [Link].
• HexorBase
• THC-Hydra
  • A brute-force login cracker that supports numerous protocols: HTTP, FTP, SSH… [Link]
• John the Ripper
  • Brute force password hash decrypts [Link].
• Johnny
• keimpx
• Maltego Teeth
• Maskprocessor
• multiforcer
• Ncrack
  • Ncrack is a high-speed network authentication cracking tool developed by the nmap team [Link].
• oclgausscrack
• ophcrack
• PACK
• patator
• phrasendrescher
• polenum
• RainbowCrack
• rcracki-mt
• RSMangler
• SecLists
  • A collection of multiple types of lists (passwords list for example) used during security assessments, collected in one place [Link].
• SQLdict
• Statsprocessor
• THC-pptp-bruter
• TrueCrack
• WebScarab
• wordlists
• zaproxy
  • The OWASP Zed Attack Proxy (ZAP) is an easy-to-use integrated penetration testing tool for finding vulnerabilities in web applications [Link].

Maintaining Access

• CryptCat
• Cymothoa
• dbd
• dns2tcp
• HTTPTunnel
• Intersect
• Nishang
• polenum
• PowerSploit
  • A collection of PowerShell scripts that can be used in post-exploitation with Evil-WinRM [Link].
• pwnat
• RidEnum
• sbd
• shellter
• U3-Pwn
• Webshells
• Weevely
• Winexe

Hardware Hacking

• android-sdk
• apktool
  • It is a reverse engineering tool that decompiles Android APK files [Link].
• Arduino
• dex2jar
• Sakis3G
• smali

Reverse Engineering

• apktool
  • It is a reverse engineering tool that decompiles Android APK files [Link].
• dex2jar
• diStorm3
• edb-debugger
• jad
  • Just another Java decompiler [Link]. See also the Dex2Jar [Link] and JADX [Link].
• javasnoop
• JD-GUI
• OllyDbg
• smali
• Valgrind
• YARA

Reporting Tools

• CaseFile
• cherrytree
• CutyCapt
• dos2unix
• Dradis
• MagicTree
• Metagoofil
• Nipper-ng
• pipal
• RDPY

New Release Tools on Kali 2021.1

• Airgeddon
  • Audit wireless networks.
• AltDNS
  • Generates permutations, alterations, and mutations of subdomains and then resolve them.
• Arjun
  • HTTP parameter discovery suite.
• Chisel
  • A fast TCP/UDP tunnel over HTTP + WebSocket [Link].
• DNSGen
  • Generates a combination of domain names from the provided input.
• DumpsterDiver
  • Search secrets in various file types.
• GetAllUrls
  • Fetch known URLs from AlienVault’s Open Threat Exchange, the Wayback Machine, and Common Crawl.
• GitLeaks
  • Searches Git repo’s history for secrets and keys.
• HTTProbe
  • Take a list of domains and probe for working HTTP and HTTPS servers.
• MassDNS
  • A high-performance DNS stub resolver for bulk lookups and reconnaissance [Link].
• PSKracker
  • WPA/WPS toolkit for generating default keys/pins.
• WordlistRaider
  • Preparing existing wordlists.

New Release Tools on Kali 2022.1

• dnsx
  • A multi-purpose DNS toolkit that allows users to run multiple DNS queries
• email2phonenumber
  • An OSINT tool for discovering a target’s phone number if you have just their email address
• naabu
  • A simple and reliable port scanner
• nuclei
  • Targeted scanning based on templates
• PoshC2
  • A proxy-aware C2 framework with post-exploitation and lateral movement
• proxify
  • A Swiss Army knife Proxy tool for HTTP/HTTPS traffic capture, manipulation, and replay

New Release Tools on Kali 2023.1

• Arkime
  • Packet Capture
• CyberChef
  • Tool for Encryption
• DefectDojo
  • Vulnerability Data Report
• Dscan
  • Scanner
• Kubernetes-Helm
  • Kubernetes Package Manager
• PACK2
  • Attack Tool
• Redeye
  • Analytic tool
• Unicrypto
  • Cryptographic Libraries
• Ciphey

New Release Tools on Kali 2024.1

• blue-hydra
  • Bluetooth device discovery service
• opentaxii
  • TAXII server implementation from EclecticIQ
• readpe
  • Command-line tools to manipulate Windows PE files
• snort
  • Flexible Network Intrusion Detection System

The list of tools was taken from Kali’s official website [Link] but any comment or observation is personal and may not reflect the truth.