Kali Linux, It is the most important operating system for the hackers and it is very powerful linux distribution and even it is my favorite operating system,but also many hackers and pentesters choosing kali linux as their favorite hacking tool
The main reason for choosing kali linux operating system because it has 600+ hacking tools and developed by offensiive security team ,so i am gonna to tell about top 10 kali linux hacking tools i liked the most in kali linux
Here i am giving tutorials for each hacking tools so it will be easy for every body can understand it well
If you want to know more about Kali Linux then first read this article first
KALI LINUX | PENETRATION TESTING AND ETHICAL HACKING LINUX
Aircrack-ng
Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like KoreK attacks, as well as the PTW attack, thus making the attack much faster compared to other WEP cracking tools.
Burpsuite
Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and exploiting security vulnerabilities.
Burp gives you full control, letting you combine advanced manual techniques with state-of-the-art automation, to make your work faster, more effective, and more fun.
Hydra
Hydra, now in version 8.1 and last updated December 12th 2014, is a very well-known and respected network log on cracker which can support many different services. (Similar projects and tools include medusa and John The Ripper).
Hydra is a brute force password cracking tool. In information security (IT security), password cracking is the methodology of guessing passwords from databases that have been stored in or are in transit within a computer system or network. A common approach, and the approach used by Hydra and many other similar pentesting tools and programs is referred to as Brute Force. We could easily do a Concise Bytes on ‘Brute Force Hacking’ but since this post is all about Hydra let’s place the brute-force attack concept within this password-guessing tool
JOHN
Out of the box, John supports (and autodetects) the following Unix
crypt(3) hash types: traditional DES-based, “bigcrypt”, BSDI extended
DES-based, FreeBSD MD5-based (also used on Linux and in Cisco IOS), and
OpenBSD Blowfish-based (now also used on some Linux distributions and
supported by recent versions of Solaris). Also supported out of the box
are Kerberos/AFS and Windows LM (DES-based) hashes, as well as DES-based
tripcodes.
When running on Linux distributions with glibc 2.7+, John 1.7.6+ additionally supports (and autodetects) SHA-crypt hashes (which are actually used by recent versions of Fedora and Ubuntu), with optional OpenMP parallelization (requires GCC 4.2+, needs to be explicitly enabled at compile-time by uncommenting the proper OMPFLAGS line near the beginning of the Makefile).
Similarly, when running on recent versions of Solaris, John 1.7.6+ supports and autodetects SHA-crypt and SunMD5 hashes, also with optional OpenMP parallelization (requires GCC 4.2+ or recent Sun Studio, needs to be explicitly enabled at compile-time by uncommenting the proper OMPFLAGS line near the beginning of the Makefile and at runtime by setting the OMP_NUM_THREADS environment variable to the desired number of threads).
John the Ripper Pro adds support for Windows NTLM (MD4-based) and Mac OS X 10.4+ salted SHA-1 hashes.
Maltego
Maltego is a unique platform developed to deliver a clear threat picture to the environment that an organization owns and operates. Maltego's unique advantage is to demonstrate the complexity and severity of single points of failure as well as trust relationships that exist currently within the scope of your infrastructure.
With the continued growth of your organization, the people and hardware deployed to ensure that it remains in working order is essential, yet the threat picture of your "environment" is not always clear or complete. In fact, most often it's not what we know that is harmful - it's what we don't know that causes the most damage. This being stated, how do you develop a clear profile of what the current deployment of your infrastructure resembles? What are the cutting edge tool platforms designed to offer the granularity essential to understand the complexity of your network, both physical and resource based?
Maltego offers the user with unprecedented information. Information is leverage. Information is power. Information is Maltego.
Metasploit framework
Metasploit
has become over the years the best framework to conduct penetration
testing on network systems and IT infrastructure. The Metasploit
Project, or better known as simply '' is a hugely popular pentesting or
hacking tool that is used by cyber security professionals and ethical
hackers. Metasploit is essentially a computer security project that
supplies information about known security vulnerabilities and helps to
formulate penetration testing and IDS testing
The basic steps for exploiting a system using the Framework include:
Metasploit runs on Unix (including Linux and Mac OS X) and on Windows. The Metasploit Framework can be extended to use add-ons in multiple languages.
NMAP
Nmap ("Network Mapper") is a free and open source
(license) utility for
network discovery and security auditing. Many systems and network
administrators also find it useful for tasks such as network
inventory, managing service upgrade schedules, and monitoring host or
service uptime. Nmap uses raw IP packets in novel ways to determine
what hosts are available on the network, what services (application
name and version) those hosts are offering, what operating systems
(and OS versions) they are running, what type of packet
filters/firewalls are in use, and dozens of other characteristics. It
was designed to rapidly scan large networks, but works fine against
single hosts. Nmap runs on all major computer operating systems, and
official binary packages are available for Linux, Windows,and Mac OS
X
OWASP-ZAP
The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.
It is designed to be used by people with a wide range of security
experience and as such is ideal for developers and functional testers
who are new to penetration testing.
ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.
Sqlmap
sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers.
It comes with a powerful detection engine, many
niche features for the ultimate penetration tester and a broad range of
switches lasting from database fingerprinting, over data fetching from
the database, to accessing the underlying file system and executing
commands on the operating system via out-of-band connections.
Wireshark
Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education. Originally named Ethereal
Wireshark is cross-platform, using the GTK+ widget toolkit in current releases, and Qt in the development version, to implement its user interface, and using pcap to capture packets; it runs on Linux, OS X, BSD, Solaris, some other Unix-like operating systems, and Microsoft Windows.
There is also a terminal-based (non-GUI) version called TShark.
Wireshark
The main reason for choosing kali linux operating system because it has 600+ hacking tools and developed by offensiive security team ,so i am gonna to tell about top 10 kali linux hacking tools i liked the most in kali linux
Here i am giving tutorials for each hacking tools so it will be easy for every body can understand it well
If you want to know more about Kali Linux then first read this article first
KALI LINUX | PENETRATION TESTING AND ETHICAL HACKING LINUX
Aircrack-ngAircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like KoreK attacks, as well as the PTW attack, thus making the attack much faster compared to other WEP cracking tools.
Burpsuite
Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and exploiting security vulnerabilities.
Burp gives you full control, letting you combine advanced manual techniques with state-of-the-art automation, to make your work faster, more effective, and more fun.
Hydra
Hydra, now in version 8.1 and last updated December 12th 2014, is a very well-known and respected network log on cracker which can support many different services. (Similar projects and tools include medusa and John The Ripper).
Hydra is a brute force password cracking tool. In information security (IT security), password cracking is the methodology of guessing passwords from databases that have been stored in or are in transit within a computer system or network. A common approach, and the approach used by Hydra and many other similar pentesting tools and programs is referred to as Brute Force. We could easily do a Concise Bytes on ‘Brute Force Hacking’ but since this post is all about Hydra let’s place the brute-force attack concept within this password-guessing tool
JOHN
John the Ripper is designed to be both
feature-rich and fast. It combines several cracking modes in one program
and is fully configurable for your particular needs (you can even
define a custom cracking mode using the built-in compiler supporting a
subset of C). Also, John is available for several different platforms
which enables you to use the same cracker everywhere (you can even
continue a cracking session which you started on another platform).
When running on Linux distributions with glibc 2.7+, John 1.7.6+ additionally supports (and autodetects) SHA-crypt hashes (which are actually used by recent versions of Fedora and Ubuntu), with optional OpenMP parallelization (requires GCC 4.2+, needs to be explicitly enabled at compile-time by uncommenting the proper OMPFLAGS line near the beginning of the Makefile).
Similarly, when running on recent versions of Solaris, John 1.7.6+ supports and autodetects SHA-crypt and SunMD5 hashes, also with optional OpenMP parallelization (requires GCC 4.2+ or recent Sun Studio, needs to be explicitly enabled at compile-time by uncommenting the proper OMPFLAGS line near the beginning of the Makefile and at runtime by setting the OMP_NUM_THREADS environment variable to the desired number of threads).
John the Ripper Pro adds support for Windows NTLM (MD4-based) and Mac OS X 10.4+ salted SHA-1 hashes.
Maltego
Maltego is a unique platform developed to deliver a clear threat picture to the environment that an organization owns and operates. Maltego's unique advantage is to demonstrate the complexity and severity of single points of failure as well as trust relationships that exist currently within the scope of your infrastructure.
With the continued growth of your organization, the people and hardware deployed to ensure that it remains in working order is essential, yet the threat picture of your "environment" is not always clear or complete. In fact, most often it's not what we know that is harmful - it's what we don't know that causes the most damage. This being stated, how do you develop a clear profile of what the current deployment of your infrastructure resembles? What are the cutting edge tool platforms designed to offer the granularity essential to understand the complexity of your network, both physical and resource based?
Maltego offers the user with unprecedented information. Information is leverage. Information is power. Information is Maltego.
Metasploit framework
Metasploit
has become over the years the best framework to conduct penetration
testing on network systems and IT infrastructure. The Metasploit
Project, or better known as simply '' is a hugely popular pentesting or
hacking tool that is used by cyber security professionals and ethical
hackers. Metasploit is essentially a computer security project that
supplies information about known security vulnerabilities and helps to
formulate penetration testing and IDS testingThe basic steps for exploiting a system using the Framework include:
- Choosing and configuring an exploit (code that enters a target system by taking advantage of one of its bugs; about 900 different exploits for Windows, Unix/Linux and Mac OS X systems are included);
- Optionally checking whether the intended target system is susceptible to the chosen exploit;
- Choosing and configuring a payload (code that will be executed on the target system upon successful entry; for instance, a remote shell or a VNC server);
- Choosing the encoding technique so that the intrusion-prevention system (IPS) ignores the encoded payload;
- Executing the exploit.
Metasploit runs on Unix (including Linux and Mac OS X) and on Windows. The Metasploit Framework can be extended to use add-ons in multiple languages.
NMAP
Nmap ("Network Mapper") is a free and open source
(license) utility for
network discovery and security auditing. Many systems and network
administrators also find it useful for tasks such as network
inventory, managing service upgrade schedules, and monitoring host or
service uptime. Nmap uses raw IP packets in novel ways to determine
what hosts are available on the network, what services (application
name and version) those hosts are offering, what operating systems
(and OS versions) they are running, what type of packet
filters/firewalls are in use, and dozens of other characteristics. It
was designed to rapidly scan large networks, but works fine against
single hosts. Nmap runs on all major computer operating systems, and
official binary packages are available for Linux, Windows,and Mac OS
X OWASP-ZAP
The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.
ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.
Sqlmap
sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers.
It comes with a powerful detection engine, many
niche features for the ultimate penetration tester and a broad range of
switches lasting from database fingerprinting, over data fetching from
the database, to accessing the underlying file system and executing
commands on the operating system via out-of-band connections. Wireshark
Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education. Originally named Ethereal
Post a Comment
Thank you for visiting Afridi's Technoworld