Top 25 penetration testing tools of Kali Linux 2020

Kali Linux operating system offers probably the best hacking & penetration testing tools today. With their extensive documentation, community and tools, getting started in the world of cyber security is not as difficult as it was 20 years back; nowadays, you can find predefined tools for almost anything you imagine.

By properly implementing these Kali Linux tools, you will have different ways to test and increase the security of your web applications and systems. Using best Kali Linux tools, you can easily identify security holes and vulnerabilities and also able to penetrate those weaknesses.

What is kali linux?

Kali Linux is free and open source Debian-based operating system that primarily used for penetration testing & security purposes. Kali Linux is founded by Offensive Security and it is one of the prominent security system used by different companies and security experts.

Join Ethical Hacking Course in Delhi to know more about such Kali Linux Tools and also learn how to practically implement each and every tool in a professional manner. If you are interested in more such tips and tricks than keep us visiting at DICC Blog.

One of the biggest advantages of Kali Linux is that it is available with more than 600 hacking tools for security purposes. It includes many security hacking tools for web applications, information gathering, wireless attacks, vulnerability scanning, reverse engineering, hardware hacking, forensic tools, operating tools , stress tests, sniffing and identity theft, password hacking and many more. So, today we are discussing the 25 most used Kali Linux penetration testing tools in 2020. Let’s start!

The 25 penetration testing tools of Kali Linux 2020 in Ethical Hacking

#1. Netcat

Netcat is one of the kali Linux tool applications to explore the network such as port scanning, IP scanning etc. It is quite famous in the security industry, network & systems administration industry. and also among ethical hackers.

Although it is mainly used for outgoing / incoming network checking & port exploration, it is equally beneficial when used in combination with programming languages ​​such as Perl, Python or C, C++ or with bash scripts.

Key features of Netcat include:

• Analysis of TCP & UDP ports
• Incoming and outgoing network sniffing
• Reverse DNS analysis and Forward DNS Analysis.
• Scan local & remote ports
• Fully compiled with standard terminal input
• UDP & TCP tunneling mode

Download Link: http://netcat.sourceforge.net/

#2. OpenVAS

OpenVAS  (Open Vulnerability Assessment System) is a famous Kali Linux tool founded by the team of experts who also developed the famous Nessus vulnerability tool. OpenVas is freely available under the GLP license and anyone can use it to explore vulnerabilities in the local area or remote area networks.

Among the top 25 penetrations testing tools of Kali Linux OpenVas security tool enables you to write & integrate your own security plugins to the OpenVAS terminal- even if the current engine available with more than 50,000 NVT (Network Vulnerability Tests) which can literally scan everything you imagine in terms of security weaknesses.

Main Features of OpenVas:

• Network Mapper & Port Scanner
• Simultaneous host discovery
• It can Schedule scans on daily or weekly basis
• Exports results in XML, HTML, LateX file formats
• It can fully integrated with SQL databases such as SQLite
• Support for OpenVAS transfer protocol
• Ability to stop, pause & resume analyzes
• Full support for both Linux and Windows based platforms.

Download Link: https://www.openvas.org/

#3. Nikto2

Nikto is written in Perl and can be downloaded in Kali Linux,  works in addition to OpenVAS & other similar vulnerability scanners.

Nikto2 enables the ethical hackers and the cyber security experts to perform a full scan of the web server to discover security loopholes and weaknesses. This security scanner collects the results by detecting unsafe file & application patterns, default file names and server, outdated server software, and software configuration errors.

It includes host-based authentication, proxy support, SSL encryption and much more.

The main features include:

• It can scan multiple ports on the same server
• Exports results in XML, HTML, TXT, NBE or CSV.
• IDS escape techniques
• List of Apache and cgiwrap usernames
• Identifies software installed through headers, favicons & files
• Analyzes the specified CGI directories
• Uses custom configuration files
• Debugging and detailed output.

Download Link: https://cirt.net/Nikto2

#4. Nmap

Nmap is the most prominent network mapping tool across the world. NMAP enables the security professionals to find out the active hosts in any network and gather other important information (like open ports) which is important for penetration testing process.

Features of N-Map Tool Includes:

• Host detection: It is useful for analyze the IP address and hosts in any network.
• Analyses of Open Ports: allows you to find out the list the open ports on the local or remote networks
• Operating system information: It is also useful for retrieving information on the operating system & hardware of any connected device in the network.
• Application version detection:  It allows you to determine the name & version number of the respective application.
• Scriptable communication: It extends the default capabilities of Nmap using the Nmap Script Engine (NSE)

Download Link: https://nmap.org/

#5. Unicornscan

Unicornscan that is available under the GPL license is one of the major penetration testing tools used for retrieving information & data correlation. It is one of the best tools among these 25 penetrations testing tools of Kali Linux.

It allows the advanced asynchronous TCP & UDP scanning features as well as helpful network discovery models that will be useful for you to find remote or local hosts. It can also disclose information about the software being run by each of them.

The main features include:

• Asynchronous TCP analysis
• Asynchronous UDP analysis
• Detection of operating systems, applications and systems
• It has the ability to utilize custom data sets
• Asynchronous TCP banner discovery
• It supports SQL relational output

Download Link: https://sectools.org/tool/unicornscan/

#6. Fierce

Fierce is one of the best tools available for port scanning & network mapping. It can be used to find out the remote and local IP space and host names on different networks.

Fierce is few similarities to Nmap & Unicornscan, but unlike these tools, Fierce is most often used in particular corporate networks.

Once the penetration tester has defined the victim’s network, Fierce will run different tests on the preferred domains to gather the valuable information that can be used for further analysis & exploitation.

Main features of Fierce include:

• Analysis of internal & external IP ranges
• IP range & full class C scan
• It has the ability to change DNS server for reverse lookups
• Save capacities in a system file
• Discovery of name servers and zone transfer attack
• Brute force attacking capabilities use by an integrated or custom text list

Download Link: https://github.com/mschwager/fierce

 

#7. Fluxion best WiFi analyzer

Fluxion  is a WiFi analyzer specializing in MITM WPA attacks. It allows you to scan wireless networks, looking for security holes in corporate or personal networks.

Unlike other WiFi cracking tools, Fluxion does not attempt brute force cracking which is usually time-consuming.

Instead, it generates an MDK3 process that forces all users connected to the target network to authenticate. Once done, the user is asked to connect to a fake access point, where they will enter the WiFi password. Then the program notifies you of the password, so that you can access it.

Download Link: https://github.com/wi-fi-analyzer/fluxion

#8. WPScan

WPScan  is recommended to audit the security of your WordPress installation. Using WPScan, you can check if your WordPress configuration is vulnerable to certain types of attacks or if it exposes too much information in your basic, plug-in or theme files.

Among 25 Kali Linux penetration testing tools WPscan WordPress security tool also allows you to find all weak passwords for all registered users, and even execute brute force attack against it to see which ones can be hacked.

WPScan receives regular updates from the source of WordPress wpvulndb.com vulnerability database which makes it excellent software for up-to-date WP security.

What can you do with WPScan?

• Non-intrusive security scans
• Enumeration of the username WP
• Bruteforce WP attack and weak password cracking
• List of vulnerabilities in WP plugins
• Schedule WordPress security scans

Download Link: https://wpscan.org/

#9. CMSMap

As compare to WPScan,  CMSMap  provide a centralized solution for not only one CMS i.e. WordPress, but provide solutions to four of the most popular CMS in terms of vulnerability detection.

CMSmap is an open source project written in Python which automates the process of analysis and detection of vulnerabilities in WordPress, Joomla, Drupal and Moodle.

In this list of 25 Kali Linux penetration testing tools This tool is not only useful for detecting security breaches in these four popular CMS, but also for performing real brute force attacks and launching exploits once a vulnerability found.

The main features include:

• Supports multiple scanning threats and vulnerabilities.
• Ability to define a custom user agent and header.
• It can save the results in a text file.
• It has support for SSL encryption.
• Detailed mode for debugging purposes.

Download Link: https://github.com/Dionach/CMSmap

#10. Kismet Wireless

Kismet Wireless  is a freely available cross-platform wireless LAN analyzer, sniffer & IDS (intrusion detection system).

It is compatible with nearly all kinds of wireless cards. Its use in sniffer mode enables you to work in combination with wireless networks like 802.11a, 802.11b, 802.11g and 802.11n.

Kismet Wireless works natively in Windows, Linux and BSD operating systems (FreeBSD, NetBSD, OpenBSD and MacOS).

Main Features:

• Ability to operate in passive mode
• Wireless intrusion detection system
• Analyzes wireless encryption levels for a given access point
• It can easily detect the wireless clients &  access points
• Supports channel hopping
• Network logging

Download Link: https://www.kismetwireless.net/

 

#11. Aircrack-ng

Aircrack-ng is a wireless security software suite. It includes a WEP network hacker, a network packet analyzer and WPA / WPA2-PSK as well as another set of wireless auditing tools. 

Here are the most popular features included in the Aircrack-ng suite:

• Airmon-Ng: captures desired specification packages, and it is particularly useful for decrypting passwords
• Airmon-Ng: converts your wireless card to a wireless card in a promiscuous way
• Aireplay-Ng: can be used to generate or speed up traffic in an access point
• Aircrack-Ng: used to decrypt passwords – capable of using statistical techniques to decrypt WEP and dictionaries for WPA and WPA2 after capturing the WPA handshake
• Airdecap-Ng: decrypts wireless traffic once the key is decrypted

Main Features:

• WEP, WPA / WPA2-PSK password support
• Quick decryption of WEP and WPA passwords
• Packet sniffer and injector
• Possibility to create a virtual tunnel
• WEP key password recovery
• Password list management

Download Link: https://www.aircrack-ng.org/

#12. John the Ripper

John the Ripper  is a famous cross-platform cryptography pen testing tool that can be operated on Linux UNIX, Windows & MacOS. It enables the system administrators & security penetration testers to launch brute force attacks to test the strength of any system password. It can be used to test encryption like DES, SHA-1 and many others.

It has the capacity to modify the methods of deciphering passwords which are defined automatically, according to the algorithm detected.

Licensed and distributed under the GPL license, it is a free tool available to anyone who wants to test their password security.

The main features include:

• Dictionary attacks and brute force tests
• Compatible with most operating systems and CPU architectures
• Can run automatically using crons
• Pause and resume options for any analysis
• Allows you to define custom letters when creating dictionary attack lists
• Allows brute force customization rules

Download Link: https://www.openwall.com/john/

#13. THC Hydra

THC Hydra  is a free hacking tool which is available under the licence of AGPL v3.0 is being widely used by the ethical hackers for brute force remote attack to crack the authentication services.

TCH Hydra has the capacity to support more than 50 protocols; hence it considered to be one of the best tools for testing password security levels in different kinds of servers.

TCH Hydra also supports the most popular operating systems such as Linux, Free BSD, Windows, Solaris and OS X.

Main Features:

• Ultra-fast password cracking speed
• Works on multiple operating systems
• It has the ability to launch simultaneous brute force cracking attacks
• The module-based application allows you to add custom modules
• It supports different protocols like FTP, CVS, HTTPS, HTTP, IMAP, HTTP proxy, LDAP, IRC, MS-SQL, MySQL, etc.

Download Link: https://github.com/vanhauser-thc/thc-hydra

#14. Wireshark

Wireshark  is an open source cross-platform network analyzer that can operate on Linux, OS X, and BSD & Windows.

It is especially useful for finding out what’s going on inside your network, which explains its widespread use in the public, business and education sectors.

It works the same way as tcpdump, but Wireshark adds an excellent graphical interface that allows you to filter, organize and order the captured data, which takes less time to analyze. A text version, called tshark, is comparable in terms of functionality.

The main features include:

• Wireshartk has a very user-friendly interface.
• It has the ability to capture the live packet and offline analysis.
• Full protocol inspection
• Comprehensive VoIP analysis
• Gzip compression & decompression.
• Decryption support for ISAKMP, IPsec, SNMPv3, Kerberos, WEP and WPA / WPA2 and SSL / TLS,
• Reading capture file formats like Pcap NG, tcpdump (libpcap), Catapult DCT2000, iplog Cisco Secure IDS and others.

Download Link: https://www.wireshark.org/

 

#15. RainbowCrack

RainbowCrack  is  one of the best password cracking tools that is available for both Windows & Linux operating systems.

Unlike other password cracking tools, RainbowCrack uses a time-memory compromise algorithm to break hashes as well as large pre-calculated “rainbow tables” that help reduce time while cracking the password.

Features include:

• User-friendly interface available
• Works well with multi-core processors
• Generation, sorting, conversion and search of rainbow tables
• It support GPU acceleration (AMD OpenCL and Nvidia CUDA)
• Support for the rainbow table of any hash algorithm and character set.
• Support for the rainbow table in raw file format (.rt) and compact file format (.rtc).

Download Link: https://project-rainbowcrack.com/

#16. Findmyhash

Written in Python,  findmyhash  is a free open-source tool that helps decrypt passwords using free online services.

It works with the following algorithms: MD5, MD4, SHA225, SHA1, SHA384, SHA256, RMD160, SHA512, WHIRLPOOL, GOST, LM, MYSQL, NTLM, JUNIPER, CISCO7, LDAP, MD5 & LDAP_SHA1. Findmyhash also supports multi-thread analysis that enhances speed and also recognizes the hash value algorithms.

The main features include:

• Recognizing empty hashes
• Reads input from text file
• Ability to escape special characters
• Crack one or more hashes.
• Password hash search on Google
• Pause and resume options
• Save the results to a file.

Download Link: https://tools.kali.org/password-attacks/findmyhash

#17. Metasploit

Metasploit Framework  is based on Ruby platform and it is most of the times used to develop, test & execute exploits against remote hosts. It supports different collection of security and penetration tools used for vulnerability assessment, as well as a powerful terminal-based console – called msfconsole – that enable you to easily find the victims, launch attacks, exploit security vulnerabilities & collect all the confidential data.

It is available for both operating systems i.e for Linux and Windows, MetaSploit Framework is probably one of the most powerful security auditing tools that is available free of cost for penetration purposes..

What can you do with Metasploit Framework?

• Enumeration and discovery of the network
• Hijack detection on remote hosts
• Leverage development and execution
• Working with the MFSconsole
• Analyze remote targets
• Exploit vulnerabilities and collect valuable data

Download Link: https://github.com/rapid7/metasploit-framework

#18. BeEF

BeEF  stands for The Browser Exploitation Framework, a powerful penetration testing tool that uses vulnerabilities and vulnerabilities in the browser to exploit the host.

Unlike other penetration testing tools of Kali Linux, it is more focused on the browser, including attacks on mobile and desktop clients, allowing you to analyze the usability of any Mac and Linux system.

You will be able to select specific modules in real time to audit the security of your browser.

BeEF requirements:

• Operating System: Mac OS X 10.5.0 or higher, Linux
• Ruby 2.3 or newer
• SQLite 3.x
• Node.js 6 or newer

Main Features:

• Web interface and console
• Metasploit integration
• Modular structure
• Inter-process communication and operation
• Historical gathering and intelligence
• Host and network recognition
• Ability to detect browser plugins

Download Link: https://beefproject.com/

#19. Social Engineering Toolkit

Social Engineering Toolkit   that is available for Linux and Mac OS X and also called as SET is an open source Python-based penetration testing framework that will help you to launch social engineering attacks in a faster manner.

Have you ever wondered how to hack social media accounts? Well, SET has the answer – it is essential for those interested in the field of social engineering.

What type of attacks can I launch with SET?

• WiFi access point attacks: this type of attack will redirect or intercept packets from users using our WiFi network
• SMS and email attacks: here SET will try to deceive and generate a fake email to obtain social identification information
• Web-based attacks: allows you to clone a web page so that you can lead real users through DNS spoofing or phishing attacks
• Creation of payloads (.exe): SET will create a malicious .exe file which can compromise the system of the victim after its execution.

The highlighted features include:

• Rapid penetration test
• Integration with third-party modules
• Phishing attack generator
• Launch QRCode attacks
• Support for Powershell attack vectors

Download Link: https://github.com/trustedsec/social-engineer-toolkit

#20. DHCPig

DHCPig  is a DHCP exhaustion application that will launch an advanced attack in order to target all active IP addresses on the LAN.

It also prevents new users from obtaining IP addresses assigned to their computers. Works well enough to attack Linux local networks as well as Windows 2003, 2008, etc.

In fact, DHCPig requires no installation, as it is a small script; it only requires the library installed on your system, and it supports ipv4 and ipv6.

What can you do with DHCPig?

• Detect / print DHCP responses
• Detect / print ICMP requests
• Discover and create a network map of your neighbors’ IPs
• Request all the available IP addresses in a particular area
• Create a loop & send DHCP requests from various MAC addresses
• Explore your neighbors’ MAC and IP addresses
• Free the IP and MAC addresses of the DHCP server
• ARP for all neighbors on this LAN
• Cut the network on Windows systems

Download Link: https://n0where.net/dhcp-exhaustion-attack-dhcpig

# 21. Yersinia

Yersinia  is a network security tool that allows you to perform L2 attacks by taking advantage of security holes in different network protocols.

This tool has the capacity of attacking on routers, switches, DHCP servers & many other such protocols. It includes a complicated GTK graphical interface, in ncurses-based mode, which is capable of reading from a custom configuration file, supports debugging mode and offers to save the results in a log file.

Supported network protocols:

• 802.1q and 802.1x wireless LAN
• Cisco Discovery Protocol (CDP)
• Dynamic Host Configuration Protocol (DHCP)
• Dynamic Join Protocol (DTP)
• Inter-switch link protocol (ISL)
• Hot Standby Router Protocol (HSRP)
• Spanning Tree Protocol (STP)
• VLAN trunk protocol (VTP)

Download Link: https://github.com/tomac/yersinia

#22. SlowHTTPTest

SlowHTTPTest is the most popular penetration testing tools which is most commonly used to launch DOS attacks against any HTTP server. This type of security tool focuses on sending low bandwidth attacks to test the health and response times of your web server. It includes statistics from all your tests and allows you to execute several types of attacks such as:

1. Apache beach header.
2. Slow reading.
3. POST HTTP slow.
4. Slowloris.

The main features include:

• It can save the result output in HTML and CSV files
• Detailed level adjustment (0-4)
• Target a custom number of connections
• Setting up the HTTP connection rate (per second)
• Proxy traffic redirection

Download Link: https://github.com/shekyan/slowhttptest

#23. FunkLoad

 FunkLoad is developed in Python language and is a popular penetration testing tool that works by emulating a fully functional web browser. It is very useful for testing web projects and seeing how they react in terms of web server performance.

FunkLoad provides comprehensive performance testing to help you identify possible bottlenecks in your web applications and web servers, while testing the recovery time of your application.

The main features of FunkLoad include:

• Real web browser emulation (including GET / POST / PUT / DELETE, DAV, cookie, referrer support, etc.)
• Advanced command line testing
• Comprehensive benchmarking reports in PDF, HTML, ReST, Org-mode
• Differential benchmark comparison between 2 results
• Test personalization using a configuration file
• Full support for different servers like Python, PHP, Java

Download Link: https://pypi.org/project/funkload/

#24. T50

T50  is another penetration testing tool included with the Kali Linux distribution. It can help you test the reaction of your websites, servers and networks under a high average load during an attack.

It is among the few of security tools that is capable of encapsulating protocols using GRE (Generic Routing Encapsulation), and supports up to 14 different protocols. The t50 package also allows you to send all protocols sequentially using a single SOCKET.

T50 features:

• DoS and DDoS attack simulator
• The main supported protocols include TCP, UDP, ICMP, IGMP, etc.
• Up to 1,000,000 pps of SYN Flood if you are using a Gigabit network
• Up to 120,000 pps of SYN Flood if using a 100 Mbps network

Download Link: https://gitlab.com/fredericopissarra/t50

#25. Inundator

Inundator is a multi-threaded IDS escape security tool designed to be anonymous. Using TOR, it can flood intrusion detection systems (especially with Snort) causing false positives, which mask the real attack that goes on behind the scenes. Using the SOCKS proxy, it can generate more than 1,000 false positives per minute during an attack.

The main goal of Inundator is to keep your security team busy dealing with false positives while an actual attack occurs.

Characteristics and attributes of the spammer include:

• Multi-threaded capabilities
• Full SOCKS support
• Ready for anonymization
• Support for multiple targets
• Queue-based

Download Link:  http://inundator.sourceforge.net/

---

Are you satisfied with our list of 25 Kali Linux penetration testing tools for 2020, we hope you are ready to start using our cyber security treasure? Leave a small comment if you are satisfied.