Kali Linux offers a number of customized tools designed for Penetration Testing. Tools are categorized in the following groups as seen in the drop-down menu shown in the following screenshot:
Information Gathering: These are Reconnaissance tools used to gather data on your target network and devices. Tools range from identifying devices to protocols used.
Examples: – nmap, p0f, recon-ng, arp-scan, dnsenum, fragrouter, golismero, masscan etc…
Vulnerability Analysis: Tools from this section focus on evaluating systems for vulnerabilities. Typically, these are run against systems found using the Information Gathering Reconnaissance tools.
Examples: – BED, cisco-ocs, cisco-torch, jSQL, Openvas etc….
Web Applications: These are tools used to audit and exploit vulnerabilities in web servers. Many of the audit tools we will refer to in this book come directly from this category. However web applications do not always refer to attacks against web servers, they can simply be web-based tools for networking services. For example, web proxies will be found under this section.
Examples: – SQLMap ,jboss-autopwn, dirbuster, jSQL, plecost, sqlninja, wpscan, XSSer etc….
Password Attacks: This section of tools primarily deals with brute force or the offline computation of passwords or shared keys used for authentication.
Examples: – Burp Suite, crunch, Hashcat, John the Ripper, Ncrack etc….
Wireless Attacks: These are tools used to exploit vulnerabilities found in wireless protocols. 802.11 tools will be found here, including tools such as aircrack, airmon, and wireless password cracking tools. In addition, this section has tools related to RFID and Bluetooth vulnerabilities as well. In many cases, the tools in this section will need to be used with a wireless adapter that can be configured by Kali to be put in promiscuous mode.
Examples: – Aircrack-ng, Asleap, coWPatty, Fern, hostapd-wpe, mdk3, Reaver, Wifite etc…
Exploitation Tools: These are tools used to exploit vulnerabilities found in systems. Usually, a vulnerability is identified during a Vulnerability Assessment of a target.
Examples: – Armitage, Metasploit Framework, SET, Router Sploit, Yersinia etc…
Sniffing and Spoofing: These are tools used for network packet captures, network packet manipulators, packet crafting applications, and web spoofing. There are also a few VoIP reconstruction applications.
Examples: – Burp Suite, Responder, Ettercap, SSLStrip, Dsniff, Wireshark etc…
Maintaining Access: Maintaining Access tools are used once a foothold is established into a target system or network. It is common to find compromised systems having multiple hooks back to the attacker to provide alternative routes in the event a vulnerability that is used by the attacker is found and remediated.
Examples: – http tunnel, Intersect, Dns2tcp, SBD, Weevely etc…
Reverse Engineering: These tools are used to disable an executable and debug programs. The purpose of reverse engineering is analyzing how a program was developed so it can be copied, modified, or lead to development of other programs. Reverse Engineering is also used for malware analysis to determine what an executable does or by researchers to attempt to find vulnerabilities in software applications.
Examples: – Dex2jar, Ollydbg, Smali, Yara, Apktool etc…
Stress Testing: Stress Testing tools are used to evaluate how much data a system can handle. Undesired outcomes could be obtained from overloading systems such as causing a device controlling network communication to open all communication channels or a system shutting down (also known as a denial of service attack).
Examples: – iaxflood, DHCPig, t50, Termineter, ipv6-toolkit etc…
Hardware Hacking: This section contains Android tools, which could be classified as mobile, and Ardunio tools that are used for programming and controlling other small electronic devices.
Examples: – Android-sdk, Apktool, Arduino, Sakis3G etc…
Forensics: Forensics tools are used to monitor and analyze computer network traffic and applications.
Examples: – Cuckoo, dlstorm3, p0f, pdf-parser, peepdf, exiftool etc….
Reporting Tools: Reporting tools are methods to deliver information found during a penetration exercise.
Examples: – Casefile, Nipper-ng, RDPY, Dradis etc….
System Services: This is where you can enable and disable Kali services. Services are grouped into BeEF, Dradis, HTTP, Metasploit, MySQL, and SSH.
There are other tools included in the Kali Linux build such as web browsers, quick links to tune how the Kali Linux build is seen on the network, search tools, and other useful applications.