Kali Linux uses many kinds of penetration tools to assess the security situation of your devices and networks. Whether you are looking to advance your career as an ethical tester or find the vulnerabilities of your systems, these powerful tools yield excellent results. Almost all of them should be accessible from the main Kali Linux terminal.
Note: if you are an ethical tester, you must have the necessary permissions to access another person’s device, unless you’re testing on your own devices.
1. Metasploit Framework
A Metasploit framework is a very common penetration tool. Its purpose is to discover any potential vulnerabilities in a system. If the penetration test is successful, the Metasploit can be used to access devices such as Android phones and cameras, which we have previously covered in detail.
The framework is launched in combination with ” MSFvenom,” “Meterpreter,” and other payloads. If a Metasploit attack cannot bypass your phone or other device’s security, it means the device manufacturer has tested for this attack vector.
2. Hydra
If you’ve just started out with Kali Linux, Hydra is a very useful penetration tool used for guessing or cracking valid login and password pairs. In one of the techniques it uses, there is a comprehensive list of dictionary attacks and saved passwords in a file saved in the “root” folder. By reading the passwords from the list, Hydra will try to match them with the network’s login account. This helps security researchers understand if very simple login and password pairs were used.
3. Findmyhash
Findmyhash is a Python-based executable which tries to determine the hash values of target passwords through brute testing. The penetration can be directed against hashes listed on a website’s saved list of user credentials. What this basically means is that if a website is transferring unencrypted data, this tool will help you assess the loopholes. Modern websites use encrypted traffic.
4. John the Ripper
John the Ripper is a very common password penetration tool which Kali Linux uses as a default cracker. It is free and open source, and its main purpose is to detect weak and unreliable passwords. A default password list for John the Ripper can be found in the “user” folder of Kali Linux.
5. Fern Wi-Fi Cracker
Do you want to know if your Wi-Fi network is accessible to outsiders? One way to find out is to use Fern Wi-Fi cracker in combination with Kali Linux. As soon as you enable the “active” Wi-Fi scan node, it will determine a list of nearby Wi-Fi networks.
In the next step you will be able to review the access point details and launch a penetration attack to deauthenticate the network. If the Wi-Fi network is unencrypted or a weak password is used, then it means the Wi-Fi network is vulnerable to attacks.
6. exploitdb
exploitdb contains a comprehensive list of penetration attacks on all kinds of devices and operating systems. From Linux, macOS, Windows, and web-based systems, the attacks can be launched directly from the Kali Linux terminal. For example, it is useful in knowing the defenses of your websites and devices against SQL injection attacks.
7. Crackle
Crackle is another tool used to determine the backdoor access to a network through temporary key (TK) guessing. It is a brute force attack that assesses whether a system’s authentication account needs to be changed.
8. Routersploit
Do you have an old router? Are you concerned that it may be visible to hackers? Routersploit is an exploit that assesses the identified vulnerabilities of routers as well as other embedded devices. It launches what is known as a “misfortune cookie” on a target IP address. (To learn an IP address in Kali Linux, enter #ifconfig.) If the target is not vulnerable, then there are no results.
9. Macchanger
If you are able to remotely access the MAC address of the target device (usually through Metasploit or Hydra attacks discussed above), then you can use Macchanger to determine whether its MAC address can be changed. This penetration tool is useful in assessing whether your system is vulnerable to MAC spoofing and other attacks.
10. Autopsy
Autopsy is a digital forensics tool that helps us determine the integrity of various files and passwords. When you launch the tool, it will ask you to paste a URL in an HTML browser such as “Iceweasel.” Once you do that, follow the next steps to know what happened with your files and passwords and whether anyone had tried to access them.
11. sqlmap
sqlmap is an open source tool that helps determine whether your database servers can be penetrated through SQL injection attacks. It checks for vulnerabilities in a comprehensive suite of SQL and Nosql databases including Oracle, MySql, SAP, Microsoft Access, IBM DB2, and more.
12. sqlninja
In contrast to sqlmap, which targets all SQL and NoSQL databases, sqlninja is used to penetrate applications built on Microsoft SQL Server. The penetration test is for web-based systems mostly.
13. Proxystrike
Proxystrike is used in proxy listening attacks for web applications. It is a sniffing tool that determines as many vulnerabilities that exist in Javascript-based applications. If you are concerned about server-side attacks on your user credentials, this tool is useful.
14. Sparta
Sparta is a very common toolkit that enumerates all the IP addresses in a given range, scanning them for potential “found usernames and passwords.” You can see the progress of the scans in a log file.
Sparta uses Wordlist attacks similar to John the Ripper and Hydra to determine any vulnerable IP address.
15. Kismet
Kismet is a wireless network detector, sniffer, and intrusion detection tool. It is used to determine the values of a network through summaries and whether some or other systems are unencrypted.
16. Skipfish
Skipfish is a very common tool that does a reconnaissance of your entire network through dictionary-based probes and wordlist penetration attempts.
17. Searchsploit
Searchsploit is an easily accessible command line tool that can help perform security assessments offline on your local repository. It can search for any malware files and payloads which may have been inserted in your system by attackers. Thus, it helps keep your Kali Linux system in good health.
18. Radare
Radare is a reverse engineering penetration test. It is a very advanced tool for determining registry level attacks and debugging of files.
19. Nmap
Nmap is a common tool that produces scan reports for network host uptime (as shown here), security auditing, network inventory management, and debugging.
20. Wireshark
Wireshark is a very popular tool with Kali Linux. It is a network protocol analyzer that captures live data of all possible network connections and interfaces. By using Wireshark and knowing what is in your network on a microscopic level, you will be able to secure your network against many kinds of attacks.
21. Arduino Device Attacks
Kali Linux can be used to penetrate test device systems such as Arduino hardware. For this, open the social engineering test (SET) tool and select Arduino-based attack vector.
In the next screen, select the kind of Arduino payload you want to inject. If the system determines a vulnerability, it will give a positive count.
Kali Linux is readily used by many ethical testers to evaluate the integrity of their devices, data, and networks from many perspectives. Before you can use it, you need to install it or run it from a LiveCD.
The above list is a major selection of commonly used penetration tools. In the future, we will discuss more of these tools in greater depth and detail.