Top 20 Must Have Pentesting Tools in Kali Linux 2.0

Hi everyone, I have surfed the internet for the best tools which are used in Kali Linux 2.0. These tools are must-have tools for every hacker who uses any version of Kali Linux, preferably 2.0.

1. Metasploit

This is the most advanced and popular framework that can be used for pen-testing. It is based on the concept of an ‘exploit’, which is code that can get past the security measures and enter a certain system. Once in, it runs a ‘payload’, code that performs operations on the target machine, thus creating the perfect framework for penetration testing.
It is used on web applications, networks, servers etc. It has a command-line and a clickable GUI interface, and works on Linux, Apple Mac OS X and Microsoft Windows. This is a commercial product, though there may be free limited trials available.

2. Armitage

Armitage is a scriptable red team collaboration tool for Metasploit that visualizes targets, recommends exploits, and exposes the advanced post-exploitation features in the framework.
Through one Metasploit instance, your team will:

  • Use the same sessions
  • Share hosts, captured data, and downloaded files
  • Communicate through a shared event log.
  • Run bots to automate red team tasks.

3. Wireshark

This is basically a network protocol analyzer, popular for providing the minutest details about your network protocols, packet information, decryption etc. It can be used on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many other systems. The information that is retrieved via this tool can be viewed through a GUI, or the TTY-mode TShark utility.

4. Burpsuite

Burp Suite is also essentially a scanner (with a limited “intruder” tool for attacks), although many security testing specialists swear that pen-testing without this tool is unimaginable. The tool is not free, but very cost effective. Take a look at it on the download page below. It mainly works wonders with its intercepting proxy, crawling of content and functionality, web application scanning etc. You can use this on Windows, Mac OS X and Linux environments.

5. Acunetix

Acunetix is essentially a web vulnerability scanner targeted at web applications. It provides SQL injection testing, cross-site scripting testing, PCI compliance reports etc., along with identifying a multitude of vulnerabilities. While this is among the more ‘pricey’ tools.

6. John The Ripper
Another password cracker in line is John the Ripper. This tool works on most environments, although it’s primarily for UNIX systems. It is considered one of the fastest tools in this genre. Password hash code and strength-checking code are also made available to be integrated into your own software/code, which I think is very unique. This tool comes in a pro and a free form.

7. Social Engineer Toolkit

The Social-Engineer Toolkit (SET) is unique in that its attacks are targeted at the human element rather than at the system element. It has features that let you send emails, Java applets, etc. containing the attack code. It goes without saying that this tool is to be used very carefully and only for ‘white-hat’ reasons. It has a command-line interface and works on Linux, Apple Mac OS X and Microsoft Windows.

8. Nmap

“Network Mapper”, though not necessarily a pen-testing tool, is a must-have for ethical hackers. This is a very popular tool that predominantly aids in understanding the characteristics of any target network. The characteristics can include: hosts, services, OS, packet filters/firewalls etc. It works on most environments and is open source.

9. BeEF

BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser. What this means is that it takes advantage of the fact that an open web browser is the window (or crack) into a target system and designs its attacks to go on from this point. It has a GUI interface and works on Linux, Apple Mac OS X and Microsoft Windows.

10. Aircrack-ng

Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like KoreK attacks, as well as the PTW attack, thus making the attack much faster compared to other WEP cracking tools.
In fact, Aircrack-ng is a set of tools for auditing wireless networks.

11. Sqlmap

Sqlmap is again a good open source pen-testing tool. This tool is mainly used for detecting and exploiting SQL injection issues in an application and taking over database servers. It comes with a command-line interface. Linux, Apple Mac OS X and Microsoft Windows are supported platforms.

12. Ettercap

Ettercap is a free and open source network security tool for man-in-the-middle attacks on LAN. It can be used for computer network protocol analysis and security auditing. It runs on various Unix-like operating systems including Linux, Mac OS X, BSD and Solaris, and on Microsoft Windows.

13. Hydra

Hydra is a parallelized login cracker which supports numerous protocols to attack. It is very fast and flexible, and new modules are easy to add. This tool makes it possible for researchers and security consultants to show how easy it would be to gain unauthorized access to a system remotely.
It supports: Cisco AAA, Cisco auth, Cisco enable, CVS, FTP, HTTP(S)-FORM-GET, HTTP(S)-FORM-POST, HTTP(S)-GET, HTTP(S)-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MySQL, NNTP, Oracle Listener, Oracle SID, PC-Anywhere, PC-NFS, POP3, PostgreSQL, RDP, Rexec, Rlogin, Rsh, SIP, SMB(NT), SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5, SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.

14. Maltego

Maltego is a program built into Kali Linux that lets you do reconnaissance on any person by scraping up data from all publicly available areas of the Internet. Maltego is used for information gathering and data mining, and can be useful for anyone who needs to gather data on a person or company.

15. Nikto

Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6400 potentially dangerous files/CGIs, checks for outdated versions of over 1200 servers, and version specific problems on over 270 servers.

16. Sqlninja

Sqlninja, as the name indicates, is all about taking over the DB server using SQL injection in any environment. The product itself claims to be not so stable, but its popularity indicates how robust it already is at exploiting DB-related vulnerabilities. It has a command-line interface and works on Linux and Apple Mac OS X, but not on Microsoft Windows.

17. HaCoder.py

HaCoder.py is a Python-based FUD RAT (fully undetectable remote administration tool) used to remotely control an infected PC. It’s coded by Luka Sikic using Python socket programming. Credit goes to Technic Dynamic for the idea of AES-encrypted communication between the infected PC and the control machine.

18. CORE Impact

CORE Impact Pro can be used to test mobile device penetration, network/network device penetration, password identification and cracking, etc. It has a command-line and a clickable GUI interface, and works on Microsoft Windows. This is one of the expensive tools in this line.

19. Canvas

Immunity’s CANVAS is a widely used tool that contains more than 400 exploits and multiple payload options. It is useful for web applications, wireless systems, networks etc. It has a command-line and GUI interface, and works on Linux, Apple Mac OS X and Microsoft Windows. It is not free of charge, and more information can be found at the page below.

20. Retina

As opposed to a certain application or a server, Retina targets the entire environment at a particular company/firm. It comes as a package called Retina Community. It is a commercial product and is more of a vulnerability management tool than a pen-testing tool. It works by running scheduled assessments and presenting results. Check out more about this package at the page below.

Credits: TheHackersBoard

Charan G is an engineering student pursuing the 4th year of his Computer Science & Engineering degree in Chennai, India. He loves Ethical Hacking and Network Security but is a beginner, probably still learning, and he has started blogging and vlogging to share his knowledge and experience with the outside world.
