TranslateProject/sources/tech/20190509 21 Best Kali Linux Tools for Hacking and Penetration Testing.md

[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (21 Best Kali Linux Tools for Hacking and Penetration Testing)
[#]: via: (https://itsfoss.com/best-kali-linux-tools/)
[#]: author: (Ankush Das https://itsfoss.com/author/ankush/)

21 Best Kali Linux Tools for Hacking and Penetration Testing
======

_**Here’s our list of best Kali Linux tools that will allow you to assess the security of web-servers and help in performing hacking and pen-testing.**_

If you read the [Kali Linux review][1], you know why it is considered one of the [best Linux distributions for hacking and pen-testing][2] and rightly so. It comes baked in with a lot of tools to make it easier for you to test, hack, and for anything else related to digital forensics.

It is one of the most recommended Linux distro for ethical hackers. Even if you are not a hacker but a webmaster – you can still utilize some of the tools to easily run a scan of your web server or web page.

In either case, no matter what your purpose is – we shall take a look at some of the best Kali Linux tools that you should be using.

_Note that not all tools mentioned here are open source._

### Top Kali Linux Tools for Hacking and Penetration Testing

![Kali Linux][3]

There are several types of tools that comes pre-installed. If you do not find a tool installed, simply download it and set it up. It’s easy.

#### 1\. Nmap

![Kali Linux Nmap][4]

[Nmap][5] or “Network Mapper” is one of the most popular tools on Kali Linux for information gathering. In other words, to get insights about the host, its IP address, OS detection, and similar network security details (like the number of open ports and what they are).

It also offers features for firewall evasion and spoofing.

#### 2\. Lynis

![Lynis Kali Linux Tool][6]

[Lynis][7] is a powerful tool for security auditing, compliance testing, and system hardening. Of course, you can also utilize this for vulnerability detection and penetration testing as well.

It will scan the system according to the components it detects. For example, if it detects Apache – it will run Apache-related tests for pin point information.

#### 3\. WPScan

![][8]

WordPress is one of the [best open source CMS][9] and this would be the best free WordpPress security auditing tool. It’s free but not open source.

If you want to know whether a WordPress blog is vulnerable in some way, [WPScan][10] is your friend.

In addition, it also gives you details of the plugins active. Of course, a well-secured blog may not give you a lot of details, but it is still the best tool for WordPress security scans to find potential vulnerabilities.

#### 4\. Aircrack-ng

![][11]

[Aircrack-ng][12] is a collection of tools to assess WiFi network security. It isn’t just limited to monitor and get insights – but it also includes the ability to compromise a network (WEP, WPA 1, and WPA 2).

If you forgot the password of your own WiFi network – you can try using this to regain access. It also includes a variety of wireless attacks with which you can target/monitor a WiFi network to enhance its security.

#### 5\. Hydra

![][13]

If you are looking for an interesting tool to crack login/password pairs, [Hydra][14] will be one of the best Kali Linux tools that comes pre-installed.

It may not be actively maintained anymore – but it is now on [GitHub][15], so you can contribute working on it as well.

[][16]

Suggested read [Year 2013 For Linux] 14 New Linux Distributions Born

#### 6\. Wireshark

![][17]

[Wireshark][18] is the most popular network analyzer that comes baked in with Kali Linux. It can be categorized as one of the best Kali Linux tools for network sniffing as well.

It is being actively maintained, so I would definitely recommend trying this out.

#### 7\. Metasploit Framework

![][19]

[Metsploit Framework][20] is the most used penetration testing framework. It offers two editions – one (open source) and the second is the pro version to it. With this tool, you can verify vulnerabilities, test known exploits, and perform a complete security assessment.

Of course, the free version won’t have all the features, so if you are into serious stuff, you should compare the editions [here][21].

#### 8\. Skipfish

![][22]

Similar to WPScan, but not just focused for WordPress. [Skipfish][23] is a web application scanner that would give you insights for almost every type of web applications. It’s fast and easy to use. In addition, its recursive crawl method makes it even better.

For professional web application security assessments, the report generated by Skipfish will come in handy.

#### 9\. Maltego

![][24]

[Maltego][25] is an impressive data mining tool to analyze information online and connect the dots (if any). As per the information, it creates a directed graph to help analyze the link between those pieces of data.

Do note, that this isn’t an open source tool.

It comes pre-installed, however, you will have to sign up in order to select which edition you want to use. If you want for personal use, the community edition will suffice (you just need to register for an account) but if you want to utilize for commercial purpose, you need the subscription to the classic or XL version.

#### 10\. Nessus

![Nessus][26]

If you have a computer connected to a network, Nessus can help find vulnerabilities that a potential attacker may take advantage of. Of course, if you are an administrator for multiple computers connected to a network, you can make use of it and secure those computers.

However, this is not a free tool anymore, you can try it free for 7 days on from its [official website][27].

#### 11\. Burp Suite Scanner

![][28]

[Burp Suite Scanner][29] is a fantastic web security analysis tool. Unlike other web application security scanner, Burp offers a GUI and quite a few advanced tools.

However, the community edition restricts the features to only some essential manual tools. For professionals, you will have to consider upgrading. Similar to the previous tool, this isn’t open source either.

I’ve used the free version, but if you want more details on it, you should check out the features available on their [official website][29].

#### 12\. BeEF

![][30]

BeEF (Browser Exploitation Framework) is yet another impressive tool. It has been tailored for penetration testers to assess the security of a web browser.

This is one of the best Kali Linux tools because a lot of users do want to know and fix the client-side problems when talking about web security.

#### 13\. Apktool

![][31]

[Apktool][32] is indeed one of the popular tools found on Kali Linux for reverse engineering Android apps. Of course, you should make good use of it – for educational purposes.

[][33]

Suggested read 4 Format Factory Alternative In Linux

With this tool, you can experiment some stuff yourself and let the original developer know about your idea as well. What do you think you’ll be using it for?

#### 14\. sqlmap

![][34]

If you were looking for an open source penetration testing tool – [sqlmap][35] is one of the best. It automates the process of exploiting SQL injection flaws and helps you take over database servers.

#### 15\. John the Ripper

![John The Ripper][36]

[John the Ripper][37] is a popular password cracker tool available on Kali Linux. It’s free and open source as well. But, if you are not interested in the [community-enhanced version][37], you can choose the [pro version][38] for commercial use.

#### 16\. Snort

Want real-time traffic analysis and packet logging capability? [Snort][39] has got your back. Even being an open source intrusion prevention system, it has a lot to offer.

The [official website][40] mentions the procedure to get it installed if you don’t have it already.

#### 17\. Autopsy Forensic Browser

![][41]

[Autopsy][42] is a digital forensic tool to investigate what happened on your computer. Well, you can also use it to recover images from SD card. It is also being used by law enforcement officials. You can read the [documentation][43] to explore what you can do with it.

You should also check out their [GitHub page][44].

#### 18\. King Phisher

![King Phisher][45]

Phishing attacks are very common nowadays. And, [King Phisher tool][46] helps test, and promote user awareness by simulating real-world phishing attacks. For obvious reasons, you will need permission to simulate it on a server content of an organization.

#### 19\. Nikto

![Nikto][47]

[Nikto][48] is a powerful web server scanner – that makes it one of the best Kali Linux tools available. It checks in against potentially dangerous files/programs, outdated versions of server, and many more things.

#### 20\. Yersinia

![][49]

[Yersinia][50] is an interesting framework to perform Layer 2 attacks (Layer 2 refers to the data link layer of [OSI model][51]) on a network. Of course, if you want a network to be secure, you will have to consider all the seven layers. However, this tool focuses on Layer 2 and a variety of network protocols that include STP, CDP, DTP, and so on.

#### 21\. Social Engineering Toolkit (SET)

![][52]

If you are into pretty serious penetration testing stuff, this should be one of the best tools you should check out. Social engineering is a big deal and with [SET][53] tool, you can help protect against such attacks.

**Wrapping Up**

There’s actually a lot of tools that comes bundled with Kali Linux. Do refer to Kali Linux’ [official tool listing page][54] to find them all.

You will find some of them to be completely free and open source while some to be proprietary solutions (yet free). However, for commercial purpose, you should always opt for the premium editions.

We might have missed one of your favorite Kali Linux tools. Did we? Let us know about it in the comments section below.

--------------------------------------------------------------------------------

via: https://itsfoss.com/best-kali-linux-tools/

作者：[Ankush Das][a]
选题：[lujun9972][b]
译者：[译者ID](https://github.com/译者ID)
校对：[校对者ID](https://github.com/校对者ID)

本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出

[a]: https://itsfoss.com/author/ankush/
[b]: https://github.com/lujun9972
[1]: https://itsfoss.com/kali-linux-review/
[2]: https://itsfoss.com/linux-hacking-penetration-testing/
[3]: https://i1.wp.com/itsfoss.com/wp-content/uploads/2019/04/kali-linux-tools.jpg?resize=800%2C518&ssl=1
[4]: https://i1.wp.com/itsfoss.com/wp-content/uploads/2019/04/kali-linux-nmap.jpg?resize=800%2C559&ssl=1
[5]: https://nmap.org/
[6]: https://i2.wp.com/itsfoss.com/wp-content/uploads/2019/04/lynis-kali-linux-tool.jpg?resize=800%2C525&ssl=1
[7]: https://cisofy.com/lynis/
[8]: https://i1.wp.com/itsfoss.com/wp-content/uploads/2019/04/wpscan-kali-linux.jpg?resize=800%2C545&ssl=1
[9]: https://itsfoss.com/open-source-cms/
[10]: https://wpscan.org/
[11]: https://i2.wp.com/itsfoss.com/wp-content/uploads/2019/04/aircrack-ng-kali-linux-tool.jpg?resize=800%2C514&ssl=1
[12]: https://www.aircrack-ng.org/
[13]: https://i2.wp.com/itsfoss.com/wp-content/uploads/2019/04/hydra-kali-linux.jpg?resize=800%2C529&ssl=1
[14]: https://github.com/vanhauser-thc/thc-hydra
[15]: https://github.com/vanhauser-thc/THC-Archive
[16]: https://itsfoss.com/new-linux-distros-2013/
[17]: https://i0.wp.com/itsfoss.com/wp-content/uploads/2019/04/wireshark-network-analyzer.jpg?resize=800%2C556&ssl=1
[18]: https://www.wireshark.org/
[19]: https://i1.wp.com/itsfoss.com/wp-content/uploads/2019/04/metasploit-framework.jpg?resize=800%2C561&ssl=1
[20]: https://github.com/rapid7/metasploit-framework
[21]: https://www.rapid7.com/products/metasploit/download/editions/
[22]: https://i2.wp.com/itsfoss.com/wp-content/uploads/2019/04/skipfish-kali-linux-tool.jpg?resize=800%2C515&ssl=1
[23]: https://gitlab.com/kalilinux/packages/skipfish/
[24]: https://i1.wp.com/itsfoss.com/wp-content/uploads/2019/04/maltego.jpg?resize=800%2C403&ssl=1
[25]: https://www.paterva.com/web7/buy/maltego-clients.php
[26]: https://i2.wp.com/itsfoss.com/wp-content/uploads/2019/05/nessus.jpg?resize=800%2C456&ssl=1
[27]: https://www.tenable.com/try
[28]: https://i0.wp.com/itsfoss.com/wp-content/uploads/2019/04/burp-suite-community-edition-800x582.jpg?resize=800%2C582&ssl=1
[29]: https://portswigger.net/burp
[30]: https://i1.wp.com/itsfoss.com/wp-content/uploads/2019/04/beef-framework.jpg?resize=800%2C339&ssl=1
[31]: https://i0.wp.com/itsfoss.com/wp-content/uploads/2019/04/apktool.jpg?resize=800%2C504&ssl=1
[32]: https://github.com/iBotPeaches/Apktool
[33]: https://itsfoss.com/format-factory-alternative-linux/
[34]: https://i1.wp.com/itsfoss.com/wp-content/uploads/2019/05/sqlmap.jpg?resize=800%2C528&ssl=1
[35]: http://sqlmap.org/
[36]: https://i2.wp.com/itsfoss.com/wp-content/uploads/2019/05/john-the-ripper.jpg?ssl=1
[37]: https://github.com/magnumripper/JohnTheRipper
[38]: https://www.openwall.com/john/pro/
[39]: https://www.snort.org/
[40]: https://www.snort.org/#get-started
[41]: https://i1.wp.com/itsfoss.com/wp-content/uploads/2019/05/autopsy-forensic-browser.jpg?resize=800%2C319&ssl=1
[42]: https://www.sleuthkit.org/autopsy/
[43]: https://www.sleuthkit.org/autopsy/docs.php
[44]: https://github.com/sleuthkit/autopsy
[45]: https://i2.wp.com/itsfoss.com/wp-content/uploads/2019/05/king-phisher.jpg?resize=800%2C626&ssl=1
[46]: https://github.com/securestate/king-phisher
[47]: https://i2.wp.com/itsfoss.com/wp-content/uploads/2019/05/nikto.jpg?resize=800%2C511&ssl=1
[48]: https://gitlab.com/kalilinux/packages/nikto/
[49]: https://i1.wp.com/itsfoss.com/wp-content/uploads/2019/05/yersinia.jpg?resize=800%2C516&ssl=1
[50]: https://github.com/tomac/yersinia
[51]: https://en.wikipedia.org/wiki/OSI_model
[52]: https://i1.wp.com/itsfoss.com/wp-content/uploads/2019/05/social-engineering-toolkit.jpg?resize=800%2C511&ssl=1
[53]: https://www.trustedsec.com/social-engineer-toolkit-set/
[54]: https://tools.kali.org/tools-listing