A guide to using Kali Linux tools for web penetration testing, ethical hacking, forensics, and bug bounty. Covers setup, key tools, methodologies, and best practices. Optimized for security professionals.
Note
This repository contains tools and scripts sourced from various GitHub repositories and other open-source platforms. All original works are credited to their respective authors. If you are the owner of any content and wish to have it removed, please contact the repository author directly. This project is intended for educational and ethical purposes only. Unauthorized use, distribution, or modification of these tools without proper consent is prohibited. By using this repository, you agree to comply with all applicable laws and ethical guidelines. The author is not responsible for any misuse or damage caused by the tools provided herein.
- dnsenum: Multithreaded tool for DNS enumeration.
- dnsmap: Subdomain brute-forcing tool.
- dnsrecon: Perform DNS enumeration and zone transfers.
- fierce: DNS reconnaissance tool for locating non-contiguous IP space.
- lbd: Load Balancer Detector for identifying load balancers.
- wafw00f: Detect web application firewalls (WAFs).
- arping: ARP-level ping to find live hosts on a network.
- fping: High-performance ping sweep tool.
- hping3: TCP/IP packet assembler for testing network security.
- masscan: Mass IP scanner with fast scanning speed.
- netcat: General-purpose network analysis and debugging tool.
- thc-ipv6: A suite of tools for attacking and auditing IPv6 networks. Important tool for bug bounty.
- unicornscan: Network reconnaissance and port scanner.
- maltego: Open-source intelligence and forensics platform.
- spiderfoot: Automated OSINT tool for threat intelligence.
- recon-ng: OSINT framework for automated reconnaissance.
- netdiscover: Active/passive reconnaissance tool for networks.
- netmask: Analyzes and manages IP subnets.
- ssldump: Analyzes SSL connections.
- sslh: Multiplexer for SSL and non-SSL connections.
- sslscan: Tests SSL/TLS ciphers and vulnerabilities.
- sslyze: Audits SSL/TLS configurations.
- amass: Subdomain enumeration tool.
- dmitry: Deepmagic Information Gathering Tool.
- ike-scan: Identifies VPN servers and devices using IKE.
- generic_chunked: Checks for vulnerabilities in chunked encoding.
- voiphopper: Tests VLAN hopping in VoIP networks.
- nikto: Web server vulnerability scanner.
- unix-privesc-check: Identifies privilege escalation paths on Unix systems.
- cutycapt: Captures web screenshots.
- dirb: Scans directories and files on web servers.
- dirbuster: Directory brute-forcing tool.
- ffuf: Fuzzing web applications for vulnerabilities.
- cadaver: WebDAV command-line client.
- davtest: Tests WebDAV servers for vulnerabilities.
- skipfish: Automated web application security scanner.
- wapiti: Scans web applications for vulnerabilities.
- whatweb: Identifies technologies used by websites.
- wpscan: WordPress security scanner.
- burpsuite: Comprehensive web vulnerability scanner.
- commix: Automates exploitation of command injection.
- webshells: Backdoor web shells for post-exploitation.
- sqlmap: Automates detection and exploitation of SQL injection flaws.
- chntpw: Resets Windows passwords.
- hash-identifier: Identifies hash types.
- hashcat: GPU-accelerated password cracker.
- hashid: Identifies types of hash values.
- john: Password cracking tool (John the Ripper).
- ophcrack-cli: Cracks Windows passwords using LM/NT hashes.
- samdump2: Extracts hashes from Windows SAM files.
- truecrack: Cracks TrueCrypt containers.
- hydra: Parallelized network login cracker.
- medusa: Fast network brute-forcing tool.
- ncrack: High-speed network authentication cracker.
- thc-pptp-bruter: Cracks PPTP VPN logins.
- crackmapexec: Post-exploitation and penetration testing tool.
- evil-winrm: Remote administration tool for Windows.
- mimikatz: Extracts credentials from memory.
- smbmap: Enumerates and interacts with SMB shares.
- xfreerdp: FreeRDP client for connecting to and testing Remote Desktop Protocol (RDP) services.
- cewl: Generates wordlists from web content.
- crunch: Creates custom wordlists.
- rsmangler: Generates mutations of input wordlists.
- wordlists: Pre-compiled lists of common passwords for attacks.
- bully: A tool for exploiting WPS vulnerabilities in Wi-Fi networks.
- fern-wifi-cracker: A GUI tool for testing wireless network security, focusing on WPA/WPA2 cracking.
- wash: A tool for discovering WPS-enabled routers to exploit.
- spooftooph: Bluetooth hacking tool for sniffing, spoofing, and cracking Bluetooth devices.
- aircrack-ng: A suite for monitoring, attacking, testing, and cracking Wi-Fi networks.
- kismet: A wireless network detector, sniffer, and intrusion detection system.
- pixiewps: A tool for recovering weak WPS PINs on routers using the Pixie Dust attack.
- reaver: A tool for breaking WPS PINs and cracking WPA2 networks.
- wifite: Automated tool for cracking WEP and WPA wireless networks using various attacks.
- clang: A compiler that translates C/C++ code to machine code for debugging and reverse engineering.
- clang++: A C++ compiler based on Clang, used for reverse engineering.
- msf-nasm_shell: A Metasploit interactive assembler shell that converts assembly instructions to opcodes, used when writing and testing shellcode.
- radare2: A framework for reverse engineering and analyzing binaries.
- crackmapexec: A tool for pentesters to automate exploitation of Windows networks.
- metasploit-framework: A powerful framework for developing and executing exploit code.
- msfpc: A Metasploit Payload Creator for creating reverse shells.
- searchsploit: A command-line tool for searching Exploit-DB's public exploits.
- setoolkit: A social engineering framework used for phishing, credential harvesting, and more.
- sqlmap: An automated tool for detecting and exploiting SQL injection vulnerabilities.
- dnschef: A DNS proxy tool used for manipulating DNS queries.
- dsniff: A collection of network tools for monitoring and spoofing network traffic.
- netsniff-ng: A high-performance network analyzer and packet sniffer.
- dns-rebind: A tool for DNS rebinding attacks to bypass security measures.
- sslsplit: A tool for intercepting and decrypting SSL/TLS traffic.
- tcpreplay: A tool to replay captured network traffic for testing purposes.
- ettercap-pkexec: A man-in-the-middle attack tool that supports sniffing and spoofing.
- macchanger: A tool for changing the MAC address of network interfaces.
- minicom: A terminal emulation program for interacting with serial devices.
- responder: A tool for poisoning name resolution protocols in local networks.
- scapy: A Python-based tool for packet crafting and network exploration.
- tcpdump: A packet capture tool for network traffic analysis.
- dbd: Netcat clone with built-in encryption, used for encrypted connections after system compromise.
- powersploit: A collection of PowerShell scripts used for post-exploitation tasks in Windows environments.
- sbd: Netcat clone with built-in AES-CBC encryption, used for encrypted backdoor shells.
- dns2tcpc: A tool for tunneling TCP traffic over DNS queries to bypass firewalls.
- dns2tcpd: A server-side tool for handling DNS-based TCP tunneling.
- exe2hex: Converts executable files into hex-encoded batch or PowerShell scripts for file transfer.
- iodine-client-start: DNS tunneling client that carries IP traffic over DNS queries.
- miredo: A Teredo (IPv6 over IPv4) tunneling daemon for creating a VPN-like connection.
- proxychains4: A tool for forcing network connections to go through proxy servers.
- proxytunnel: A tool that tunnels HTTPS traffic through an HTTP proxy.
- ptunnel: A tool to create a tunnel over ICMP for bypassing firewalls.
- pwnat: A NAT traversal tool for reverse shells and remote control via NATed networks.
- sslh: A protocol multiplexer that allows services like HTTPS, SSH, and OpenVPN to share the same port.
- stunnel4: A tool for creating secure SSL/TLS tunnels to protect unencrypted services.
- udptunnel: A tool for tunneling UDP traffic through a firewall.
- laudanum: A collection of injectable web shell files (PHP, ASP, JSP, CFM) for post-exploitation.
- weevely: A web shell for maintaining access and performing post-exploitation activities.
- evil-winrm: A WinRM-based remote management shell for post-exploitation on Windows systems.
- magicrescue: A file carving tool that recovers files from damaged filesystems by scanning for known file-type magic bytes.
- scalpel: A file carving tool for recovering files from disk images.
- scrounge-ntfs: A tool for recovering deleted NTFS files.
- guymager: A forensic imaging tool for creating disk images and performing hash verification.
- pdf-parser: A tool for parsing and analyzing PDF files to extract data or metadata.
- pdfid: A tool for identifying the structure and objects in PDF files.
- autopsy: A digital forensics tool for analyzing hard drives and smartphones for evidence.
- binwalk: A tool for analyzing and extracting data from firmware images.
- bulk_extractor: A tool for extracting useful data from large data sets, such as disk images.
- hashdeep: A tool for computing and verifying hash values of files in a directory.
- cherrytree: A hierarchical note-taking application for organizing notes and information.
- cutycapt: A tool for capturing screenshots of web pages and converting them to images.
- pipal: A tool for analyzing password statistics from password dumps to assess password security.
- msfpc: A Metasploit Payload Creator for social engineering attacks, creating reverse shells.
- setoolkit: The Social-Engineer Toolkit for automating social engineering attacks like phishing and credential harvesting.
