Practical Tutorial For Best 15 Pentest Tools In Kali Linux 2.0
Wondering which software or tools are used for hacking or penetration testing (pentest)? Which is the best operating system for pentesting? I hope my regular readers know about Kali Linux, because there are a lot of Kali tutorials and articles around this website. Yes, Kali Linux is my favorite operating system for pentesting, and recently the Offensive Security team released their new version, Kali Linux 2.0, and it's incredible. Kali Linux already comes with 300+ tools, and here we have created a list of the best 15 pentest tools.
Learning to become a hacker is not as easy as learning to become a software developer. I realized this when I started looking for learning resources for the simple hacking people do. Even to start doing the simplest hack on their own, a hacker needs in-depth knowledge of multiple topics. Some people recommend a minimum knowledge of a few programming languages like C, Python and HTML, along with Unix operating system concepts and networking knowledge, before starting to learn hacking techniques.
Though knowing a lot of things is required, it is not really enough for you to be a competent and successful hacker. You must have a passion and positive attitude towards problem solving. Security software is constantly evolving, and therefore you must keep learning new things at a really fast pace.
What is new in Kali Linux 2.0?
Kali Linux is an incredibly powerful tool for testing network vulnerabilities, and today it's getting a lot easier to use with a new interface, automatic updates, and more. As I said before, the Kali Linux distro has a lot of pre-installed tools, but what is new in the Kali Linux 2.0 version? A lot of my readers had this question, and they are also asking how to upgrade to the new version. For them I have posted a detailed article about Kali Linux 2.0; check it out here: Improved Features Of New Kali Linux 2.0 And How To Upgrade To It
Anyway, it is time to look into the tools. I prefer newbies to go through the tutorials as well, so you will get the concept of each tool and the purposes it is used for.
1. Metasploit
Metasploit is a framework of exploits, shellcodes, fuzzing tools, payloads, encoders etc. Moreover, we can regard it as a collection of exploitation tools bundled into a single framework. It is available on all major platforms: Linux, Windows and OS X. Its main objective is to test your/your company's/your organization's defences by attacking them. Something like “Offense for Defense”. This is actually where a penetration tester/security analyst begins attacking the victim after extensive recon. Metasploit has a wide range of tools and utilities to perform attacks against all operating systems, including Android and iOS.
Tutorial: Introduction to using Metasploit in Kali Linux
2. Armitage
Armitage is a graphical cyber attack management tool for Metasploit that visualizes your targets, recommends exploits, and exposes the advanced capabilities of the framework. Armitage aims to make Metasploit usable for security practitioners who understand hacking but don’t use Metasploit every day. If you want to learn Metasploit and grow into the advanced features, Armitage can help you.
Armitage organizes Metasploit’s capabilities around the hacking process. There are features for discovery, access, post-exploitation, and maneuver.
Through one Metasploit instance, your team will:
- Use the same sessions.
- Share hosts, captured data, and downloaded files.
- Communicate through a shared event log.
- Run bots to automate red team tasks.
3. Wireshark
Wireshark is an open source tool for profiling network traffic and analyzing packets. Such a tool is often referred to as a network analyzer, network protocol analyzer or sniffer.
Wireshark, formerly known as Ethereal, can be used to examine the details of traffic at a variety of levels, ranging from connection-level information to the bits that make up a single packet. Packet capture can provide a network administrator with information about individual packets such as transmit time, source, destination, protocol type and header data. This information can be useful for evaluating security events and troubleshooting network security device issues. It can be used on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many other systems. The information that is retrieved via this tool can be viewed through a GUI or the TTY-mode TShark utility.
Tutorial: Kali Linux Tutorial: Hack a Website login Page Password Using Wireshark
4. BurpSuite
BurpSuite is an integration of tools that work together to perform security tests on web applications. It is also a platform for attacking applications on the web. Burp Suite contains all the Burp interfaces and tools made for speeding up and facilitating the process of application attacks. Every Burp Suite tool shares the same robust framework for extensibility, alerting, logging, upstream proxies, authentication, persistence and HTTP requests. It mainly works wonders as an intercepting proxy, for crawling content and functionality, for web application scanning etc. You can use it on Windows, Mac OS X and Linux environments.
Tutorial: Setting Up BurpSuite Web Hacking Tool with Firefox and FoxyProxy
5. Acunetix
Acunetix is mainly aimed at web applications and related content. The software is able to scan for and detect a wide range of exposures, many of which are common to several environments.
For instance, with Acunetix Web Vulnerability Scanner it is possible to find out if a system is exposed to various types of code injection and execution, as well as to the widespread cross-site scripting (XSS) attacks.
Tutorial: Check Your Website Security Using Acunetix Web Vulnerability Scanner Tool
6. John The Ripper
Another password cracker in line is John the Ripper. This tool works in most environments, although it’s primarily for UNIX systems. It is considered one of the fastest tools in this genre. Password hash code and strength-checking code are also made available to be integrated into your own software/code, which I think is very unique. This tool comes in pro and free versions.
Tutorial: Easy Way To Crack Password Using John The Ripper In Kali Linux
7. Social Engineer Toolkit
The Social-Engineer Toolkit (SET) is unique in that its attacks target the human element rather than the system element. It has features that let you send emails, Java applets, etc. containing the attack code. It goes without saying that this tool is to be used very carefully and only for ‘white-hat’ reasons. It has a command-line interface and works on Linux, Apple Mac OS X and Microsoft Windows.
Tutorial: Beginners Guide: What is Hacking and How to Become a Social Engineer
8. Nmap
“Network Mapper”, though not necessarily a pen-testing tool, is a must-have for ethical hackers. This is a very popular tool that predominantly aids in understanding the characteristics of any target network. The characteristics can include hosts, services, OS, packet filters/firewalls etc. It works in most environments and is open source.
Tutorial: Nmap Tutorial: How To Hack ADSL Router Using NMAP Tool
9. BeEF
BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser. What this means is that it takes advantage of the fact that an open web browser is the window (or crack) into a target system, and designs its attacks to go on from this point. It has a GUI and works on Linux, Apple Mac OS X and Microsoft Windows.
Tutorial: Kali Linux Tutorial: Hack A Web Browser Using BeEF
10. Aircrack-ng
Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like KoreK attacks, as well as the PTW attack, thus making the attack much faster compared to other WEP cracking tools. In fact, Aircrack-ng is a set of tools for auditing wireless networks.
Tutorial: Kali Linux Tutorial: Wireless Auditing with Aircrack-ng, Reaver, and Pixiewps
11. Sqlmap
Sqlmap is another good open source pen testing tool. It is mainly used for detecting and exploiting SQL injection issues in an application and for taking over database servers. It comes with a command-line interface. Supported platforms are Linux, Apple Mac OS X and Microsoft Windows.
Tutorial: How to Hack Website Using Sql Map in Kali Linux – Sql Injection
12. Ettercap
Ettercap is a free and open source network security tool for man-in-the-middle attacks on a LAN. It can be used for computer network protocol analysis and security auditing. It runs on various Unix-like operating systems including Linux, Mac OS X, BSD and Solaris, and on Microsoft Windows.
Tutorial: Man In The Middle Attack Using Ettercap In Kali Linux
13. Hydra
Hydra is a parallelized login cracker which supports numerous protocols to attack. It is very fast and flexible, and new modules are easy to add. This tool makes it possible for researchers and security consultants to show how easy it would be to gain unauthorized access to a system remotely.
It supports: Cisco AAA, Cisco auth, Cisco enable, CVS, FTP, HTTP(S)-FORM-GET, HTTP(S)-FORM-POST, HTTP(S)-GET, HTTP(S)-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MySQL, NNTP, Oracle Listener, Oracle SID, PC-Anywhere, PC-NFS, POP3, PostgreSQL, RDP, Rexec, Rlogin, Rsh, SIP, SMB(NT), SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5, SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.
Tutorial: How to Crack Online Passwords Using THC-Hydra in Kali Linux
14. Maltego
Maltego is a program built into Kali Linux that lets you do reconnaissance on any person by scraping up data from all publicly available areas of the Internet. Maltego is used for information gathering and data mining, and can be useful for anyone who needs to gather data on a person or company.
Tutorial: Kali Linux Tutorial: Using Maltego Tool To Scan Network And Finding IP
15. Nikto
Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6400 potentially dangerous files/CGIs, checks for outdated versions of over 1200 servers, and version specific problems on over 270 servers.
Tutorial: Kali Linux Tutorial: Find Vulnerabilities for Any Website Using Nikto
A lot of people (including me before doing research for this article) think that they can become a hacker using some free hacking tools available on the web. It's true that some common types of hacking can be easily done with the help of tools; however, doing it does not really make you a hacker. A true hacker is one who can find a vulnerability and develop a tool to exploit and/or demonstrate it.