Top 10 Best Linux Tools for Hacking and Penetration Testing


Linux-based distros are the most popular platforms for ethical hacking. Specifically, open source operating systems like Kali Linux and Parrot are extremely popular among security researchers. They ship with a long list of hacking tools, with both terminal and graphical user interfaces.

I will be listing the most useful Kali Linux tools that you can also use on any other Linux OS. I have chosen the most common tool for each category of security tool and summarized its main highlights.


1. Wireshark

Wireshark is a free application used to capture and view the data traveling back and forth on your network. It lets you drill down and read the contents of every packet, and captures can be filtered to suit your specific needs. It is commonly used to troubleshoot network issues and to develop and test software. This open-source protocol analyser is widely accepted as the industry standard, having won its fair share of awards over the years.

Originally known as Ethereal, Wireshark has a simple interface that can show information from hundreds of different protocols on all major network types. Packets can be viewed in real time or analyzed offline. Wireshark supports dozens of capture/trace file formats, including CAP and ERF. Integrated decryption tools let you look at encrypted packets for many popular protocols, including WEP and WPA/WPA2.


How to use Wireshark

You need to know what is normal in order to spot what is abnormal, and Wireshark includes tools to build baseline statistics. While Wireshark is a network protocol analyzer and not an intrusion detection system (IDS), it can nevertheless prove extremely useful for zeroing in on malicious traffic once a red flag has been raised.

Wireshark can also be used to intercept and analyze encrypted TLS traffic. The symmetric session keys are kept by the browser; with the appropriate browser setting (and with the permission and knowledge of the user), an administrator can load those session keys into Wireshark and examine the decrypted web traffic.

Wireshark comes with graphical tools to review the statistics. This makes it easy to spot general trends and to present findings to less-technical management.




Wireshark as a learning tool

There are so many hands-on uses for Wireshark that it is easy to overlook what an effective learning tool it can be. Lifting the hood of a car is the best way to understand how an internal combustion engine works; likewise, lifting the lid on network traffic and watching packets fly by, even drilling all the way down to the byte level and examining TCP headers, is a powerful way to learn, and to teach others, how the network works.

Demystifying the engine that runs our data economy can only lead to better-informed business decisions and better government policy, not to mention a better-qualified workforce. Wireshark is already a staple of classroom curricula in many training settings, but the documentation is complete enough at this point that an eager learner can simply download the network protocol analyzer, sniff their own Wi-Fi access point, and start examining traffic.


Wireshark's main features:

  • Rich VoIP analysis.
  • Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platform).
  • Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2.
  • Deep inspection of hundreds of protocols, with more being added all the time.
  • Live capture and offline analysis.
  • Standard three-pane packet browser.
  • Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others.
  • Capture files compressed with gzip can be decompressed on the fly.
  • Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility.
  • The most powerful display filters in the industry.
  • Coloring rules can be applied to the packet list for quick, intuitive analysis.

2. Nmap

Nmap is a free and open source network scanner that you can use on your Kali Linux-powered hacking rig. Falling under the vulnerability analysis category, Nmap lets a security researcher perform tasks such as identifying hosts on a network, listing their open ports, and fingerprinting the hardware and operating system of networked devices.

Users can extend this modular tool with scripts. It is cross-platform and also available for Windows, BSD, and macOS; however, Linux remains the most popular platform for it.

Nmap is a powerful network security tool written by Gordon Lyon. It was released almost 20 years ago (in 1997) and has since become the de facto standard for network mapping and port scanning, allowing network administrators to find hosts and services on a network and build a map of it.




Widely used by network admins and penetration testers (but also by malicious hackers!), Nmap is free to use and released under the GPL license. This license gives you the right to run, study, share, and modify the software. You can find the Nmap source code here: https://github.com/nmap/nmap.


Nmap offers many additional features:

  • Host discovery.
  • Operating system detection.
  • Service version detection.
  • Network information about targets, such as DNS names, device types, and MAC addresses.
  • Ability to scan for well-known vulnerabilities.
  • Nmap was originally written for Linux, but it has been ported to the major operating systems, such as Windows, Solaris, HP-UX, etc. There is even a free and open source GUI called Zenmap, available at https://nmap.org/zenmap.


3. Aircrack-ng

When it comes to Wi-Fi hacking tools for Kali Linux or other distros in general, Aircrack-ng is the go-to network software suite, acting as a detector, sniffer, password cracker, and analysis tool. All you need is a device with a network controller that can sniff 802.11a, 802.11b and 802.11g traffic in raw monitor mode.

The suite consists of many terminal-based tools that you can run with simple commands. Besides being pre-installed in distros like Parrot and Kali, it is also available for Windows, macOS, BSD, and other Linux distros.




Aircrack-ng is a set of tools for auditing wireless networks. The interface is command-line based, so some command-line skills are required to operate it.


Key new features include:

  • Better documentation and support.
  • More cards/drivers supported.
  • More OS and platforms supported.
  • PTW attack.
  • WEP dictionary attack.
  • Fragmentation attack.
  • WPA Migration mode.
  • Improved cracking speed.


4. Nikto

Nikto is an open source web server scanner that performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version-specific problems on over 270 servers.

It also checks for server configuration items such as the presence of multiple index files and HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be updated automatically.

Nikto allows pentesters, hackers and developers to examine a web server to find potential problems and security vulnerabilities, including:

  • Server and software misconfigurations.
  • Default files and programs.
  • Insecure files and programs.
  • Outdated servers and programs.




Some checks are "info only" items that look for things which may not be security flaws, but which the webmaster or security engineer may not know are present on the server.

These items are marked accordingly in the output. There are also some checks for unknown items which have been observed being scanned for in log files.

See the documentation for a full list of features and how to use them.

  • SSL support (Unix with OpenSSL, or Windows with ActiveState's Perl/NetSSL).
  • Full HTTP proxy support.
  • Checks for outdated server components.
  • Save reports in plain text, XML, HTML, NBE or CSV.
  • Template engine to easily customize reports.
  • Scan multiple ports on a server, or multiple servers via input file (including nmap output).
  • LibWhisker’s IDS encoding techniques.
  • Easily updated via command line.
  • Identifies installed software via headers, favicons and files.
  • Host authentication with Basic and NTLM.
  • Subdomain guessing.
  • Apache and cgiwrap username enumeration.
  • Mutation techniques to "fish" for content on web servers.
  • Scan tuning to include or exclude entire classes of vulnerability checks.
  • Guess credentials for authorization realms (including many default id/pw combos).
  • Authorization guessing handles any directory, not just the root directory.
  • Enhanced false positive reduction via multiple methods: headers, page content, and content hashing.
  • Reports "unusual" headers seen.
  • Interactive status, pause and changes to verbosity settings.
  • Save full request/response for positive tests.
  • Replay saved positive requests.
  • Maximum execution time per target.
  • Auto-pause at a specified time.
  • Checks for common "parking" sites.
  • Logging to Metasploit.
  • Thorough documentation.

Nikto Options:

Different scenarios can be encountered during a web application scan. Nikto supports a wide variety of options to handle such situations.

The following is an overview of the options included in Nikto:

-Cgidirs: This option scans the specified CGI directories. Users can pass "none" or "all" to scan no CGI directories or all of them. A literal value for a CGI directory such as "/cgi-test/" may also be specified (note that a trailing slash is required). If this option is not specified, all CGI directories listed in config.txt will be tested.

-config: This option allows the pentester, hacker, or developer to specify an alternative config file to use instead of the config.txt located in the install directory.

-Display: Controls the output that Nikto shows. The output types are selected by reference number, and multiple numbers may be combined. The available output types are:

  • Show redirects
  • Show cookies received
  • Show all 200/OK responses
  • Show URLs which require authentication

-evasion: Pentesters, hackers and developers can also specify the Intrusion Detection System evasion technique to use. This option likewise uses reference numbers to select the technique, and multiple numbers may be combined:

  • Random URI encoding (non-UTF8)
  • Directory self-reference (/./)
  • Premature URL ending
  • Prepend long random string
  • Fake parameter
  • TAB as request spacer
  • Change the case of the URL
  • Use Windows directory separator (\)

-Format: One might require the output/results to be saved to a file after a scan. This option sets the format of the file written with the -o (-output) option; if -Format is not specified, the format is taken from the file extension given in -output. Valid formats are:

  • csv – for a comma-separated list
  • htm – for an HTML report
  • txt – for a text report
  • xml – for an XML report


-host: This option is used to specify host(s) to target for a scan. It can be an IP address, hostname, or text file of hosts.

-id: For websites that require authentication, this option is used to specify the ID and password to use. The usage format is "id:password".

-list-plugins: This option will list all plugins that Nikto can run against targets and then will exit without performing a scan. These can be tuned for a session using the -plugins option.


The output format is:

  Plugin name
  full name – description

-no404: This option is used to disable 404 (file not found) checking. This reduces the total number of requests made to the web server and may be preferable when checking a server over a slow internet connection or an embedded device. However, this will generally lead to more false positives being discovered.

-plugins: This option allows one to select the plugins that will be run on the specified targets. A comma-separated list should be provided which lists the names of the plugins. The names can be found by using -list-plugins.


There are two special entries: ALL, which specifies all plugins shall be run and NONE, which specifies no plugins shall be run. The default is ALL.

  • -port: This option specifies the TCP port(s) to target. To test more than one port on the same host, one can specify the list of ports in the -p (-port) option. Ports can be specified as a range (i.e., 80-90), or as a comma-delimited list, (i.e., 80,88,90). If not specified, port 80 is used.
  • -Pause: This option can be used to prevent tests from being blocked by a WAF for seeming too suspicious. It defines the seconds to delay between each test.
  • -timeout: It is sometimes helpful to wait before timing out a request. This option specifies the number of seconds to wait. The default timeout is 10 seconds.
  • -useproxy: This option is used when the network you are on requires a proxy. It tells Nikto to use the HTTP proxy defined in the configuration file.
  • -update: This option updates the plugins and databases directly from cirt.net.


5. FunkLoad

FunkLoad serves as the load tester in our Kali Linux tool list. Built in Python on top of the PyUnit framework, FunkLoad emulates a single-threaded browser and handles real-world applications. The types of testing you can perform with it include regression testing, performance testing, load testing, stress testing, etc. You also get an option to generate differential reports that compare two benchmark reports and give an overview of how load behaviour has changed. You can install it on all Linux distros and run the different operations from the command line.




Its main use cases are:

  • Functional testing of web projects, and thus regression testing as well.
  • Performance testing: by loading the web application and monitoring your servers it helps you to pinpoint bottlenecks, giving a detailed report of performance measurement.
  • Load testing tool to expose bugs that do not surface in cursory testing, like volume testing or longevity testing.
  • Stress testing tool to overwhelm the web application resources and test the application recoverability.
  • Writing web agents by scripting any web repetitive task.

Installation of FunkLoad:

  • Download and install Python 2.7.x.
  • Download FunkLoad.
  • cd to the FunkLoad directory and run "python setup.py install". This installs all dependencies.
  • Download tcpwatch-1.3.1.tar.gz.
  • Extract it to a directory.
  • Set the path: set TCPWatch=<tcpwatch directory>\tcpwatch-1.3.1\tcpwatch.py


6. Bulk-Extractor

Bulk-Extractor is popular among ethical hackers and forensic analysts for extracting data such as internet addresses, credit card details, email addresses, etc., from various types of digital files. It can also build a list of the words found in the data, which can later be used for password cracking with other Linux hacking tools. Once Bulk-Extractor has processed the files, it stores the results in feature files that are easily parsed and inspected. It also comes with a graphical interface that makes it simple to browse the resulting files. Users can install Bulk-Extractor on Linux-based operating systems as well as Windows.


Additional scanner plugins:-

  • evtx - EVTX file and EVTX chunks (with generated file header)
  • ntfsindx - INDX records of $INDEX_ALLOCATION attribute
  • ntfslogfile - RSTR/RCRD records of $LogFile
  • ntfsmft - FILE records of $MFT
  • ntfsusn - USN_RECORD structure records of $UsnJrnl:$J
  • utmp - utmp structure records




bulk_extractor now creates an output directory that includes:

  • ccn.txt - Credit card numbers
  • ccn_track2.txt - Credit card "track 2" information
  • domain.txt - Internet domains found on the drive, including dotted-quad addresses found in text.
  • email.txt - Email addresses
  • ether.txt - Ethernet MAC addresses found through IP packet carving of swap files and compressed system hibernation files and file fragments.
  • exif.txt - EXIFs from JPEGs and video segments. This feature file contains all of the EXIF fields, expanded as XML records.
  • find.txt - The results of specific regular expression search requests.
  • ip.txt - IP addresses found through IP packet carving.
  • telephone.txt - US and international telephone numbers.
  • url.txt - URLs, typically found in browser caches, email messages, and pre-compiled into executables.
  • url_searches.txt - A histogram of terms used in Internet searches from services such as Google, Bing, Yahoo, and others.
  • wordlist.txt - A list of all "words" extracted from the disk, useful for password cracking.
  • wordlist_*.txt - The wordlist with duplicates removed, formatted in a form that can be easily imported into a popular password-cracking program.
  • zip.txt - A file containing information about every ZIP file component found on the media. This is exceptionally useful, as ZIP files contain internal structure and ZIP is increasingly the compound file format of choice for a variety of products such as Microsoft Office.

For each of the above, two additional files may be created:

  • *_stopped.txt - bulk_extractor supports a stop list, or a list of items that do not need to be brought to the user’s attention. However rather than simply suppressing this information, which might cause something critical to be hidden, stopped entries are stored in the stopped files.
  • *_histogram.txt - bulk_extractor can also create histograms of features. This is important, as experience has shown that email addresses, domain names, URLs, and other information that appear more frequently on a hard drive or in a cell phone’s memory can be used to rapidly create a pattern of life report.
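As an added example (not bulk_extractor's own code), the following Python reproduces the stop-list and histogram steps described above on a constructed email feature file; the file contents, the stop list and the histogram layout are assumptions, not output from a real image.

```python
"""Build bulk_extractor-style histogram and stopped lists from a feature file.

Added example, not part of bulk_extractor itself. The feature file content is
constructed; it follows the tab-separated "offset<TAB>feature<TAB>context"
layout of bulk_extractor feature files, with '#' banner lines at the top.
"""
from collections import Counter
from typing import List, Set, Tuple

# Constructed email.txt content (offset, feature, context); not from a real disk image.
SAMPLE_EMAIL_TXT = """\
# BULK_EXTRACTOR-Version: (constructed sample)
# Feature-File-Version: 1.1
1048576\talice@example.com\tFrom: alice@example.com To: bob@example.com
1048640\tbob@example.com\tFrom: alice@example.com To: bob@example.com
2097152\tnoreply@vendor.example\tMIME-Version: 1.0 From: noreply@vendor.example
3145728\talice@example.com\tReply-To: alice@example.com
4194304\tbob@example.com\tCc: bob@example.com
5242880\talice@example.com\tSender: alice@example.com
"""

# Constructed stop list: addresses that never need to be brought to the analyst's attention.
STOP_LIST = {"noreply@vendor.example"}


def parse_features(text: str) -> List[Tuple[int, str, str]]:
    """Return (offset, feature, context) tuples, skipping '#' banner lines."""
    rows = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        offset, feature, context = line.split("\t", 2)
        rows.append((int(offset), feature, context))
    return rows


def split_stopped(rows, stop_list: Set[str]):
    """Separate stop-listed features from the rest. Stopped entries are kept
    (as in *_stopped.txt), not discarded, so nothing critical is silently hidden."""
    kept = [r for r in rows if r[1] not in stop_list]
    stopped = [r for r in rows if r[1] in stop_list]
    return kept, stopped


def histogram(rows) -> List[Tuple[int, str]]:
    """Count each feature; most frequent first, ties broken alphabetically."""
    counts = Counter(r[1] for r in rows)
    return sorted(((n, f) for f, n in counts.items()), key=lambda x: (-x[0], x[1]))


def format_histogram(hist) -> str:
    """Render the histogram in the "n=COUNT<TAB>feature" layout used by
    bulk_extractor's *_histogram.txt files (layout assumed for this example)."""
    return "".join(f"n={n}\t{f}\n" for n, f in hist)


if __name__ == "__main__":
    kept, stopped = split_stopped(parse_features(SAMPLE_EMAIL_TXT), STOP_LIST)
    print(format_histogram(histogram(kept)), end="")
    print(f"{len(stopped)} stopped entries")
```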


7. Metasploit Framework

The Metasploit Framework needs no introduction, as it is the world's most used penetration testing platform. It lets you identify, validate, and exploit different vulnerabilities. It is also used as the base for several commercial ethical hacking frameworks. Being an open source framework, the community keeps adding new modules, and Rapid7 keeps adding new features of its own.

What makes it even more interesting is the fact that updates to this tool are pushed every day. You can install Metasploit on Linux, Windows, macOS, and BSD.





Here are some terms that you need to understand if you are using Metasploit:

Term 1 – System exploitation: the root term behind Meta'sploit', i.e. exploitation. This term means that you are trying to exploit a vulnerability in a system, machine or network: basically, you are looking through a network for a computer that has a hole (backdoor) which could be compromised.

Term 2 – Payload: think of this like a fighter jet unleashing a weapon with a payload! A big thing about Metasploit is that it not only scans but also collects information about systems that can be exploited, and then executes code within a compromised system. In summary, this term means injecting code that is bundled within a payload.

Once a payload has been delivered, the hacker or penetration tester can run commands and actions. The objective is to plant a payload that can open a shell. A shell is a command interface which essentially gives the user complete control over the compromised machine.

Since Metasploit is a framework, the user can create their own code and scripts, but don't worry if you don't know how to code, since many modules have already been created. Metasploit modules are each written for a specific task, so for network scanning, ARP poisoning, packet sniffing, etc., a module has very likely already been created.

Term 3 – Listening: be a good listener! Metasploit is patient and a great listener. Like Wireshark, Metasploit is very good at listening for incoming connections. It is worth noting that in the hacking world things don't move very fast; a dedicated attacker can spend months working out their best strategy and attack vectors. Research is vital to any attack. PunkSPIDER and SHODAN are two examples of services that a penetration tester could use before opening up Metasploit. Both act almost like search engines, with the difference that these engines look for server information and vulnerabilities. Metasploit could then be deployed to open any half-closed doors.


Metasploit Interfaces

There are a couple of interfaces that can be used. The first option is msfconsole, which is the hacker's preferred and most purist way of using Metasploit. The other, more friendly approach is to use Armitage.

Metasploit Database – specific to the user's requirements. One of the things that makes Metasploit unique, and a must for anyone interested in learning the skills of pentesting or hacking, is that the framework can record data in its own internal database on your system. Why is this good? Simply put, it organizes your workflow. You can set up the system so that tasks are spread as thinly as possible to minimize the chances of being detected.



8. Ophcrack

Ophcrack is one of the best-known password cracking tools available for ethical hacking purposes. Being an easy-to-use tool with a simple graphical interface, this free and open source tool is preferred for cracking passwords in minutes. Ophcrack is also known for one of the best implementations of rainbow tables for cracking. As it is a cross-platform tool, you can use it on Linux and Windows with ease. It also comes in the form of a live Linux CD based on the SliTaz distro for cracking the passwords of a Windows machine.


Pros and Cons of Ophcrack :-

Before you use Ophcrack, you need to know what Ophcrack can and cannot do, so that you can choose according to your practical situation. The following lists the pros and cons of Ophcrack.


Pros:

  • It is freely available for download online.
  • Passwords are recovered automatically using the LiveCD method.
  • No software installation is necessary to recover passwords.
  • Ophcrack works not only with Windows, but also with Mac and Linux.

Cons:

  • 649MB / 425MB LiveCD ISO image must be downloaded.
  • LiveCD ISO image must be burned to a disc or USB device before being used.
  • Passwords longer than 14 characters can not be recovered.
  • Some antivirus programs mistakenly identify Ophcrack as a Trojan or virus.
  • Unable to work on Windows 10, 8.1, 8.




How to Use Ophcrack to Crack Windows Password

Cracking a Windows password with Ophcrack using rainbow tables is comparatively simple if you take the proper steps and the PC can boot from a disc. Four main steps walk you through the complete process of using the Ophcrack LiveCD to recover your password, including getting the software onto a disc or flash drive.


Troubleshoot Ophcrack

Many Ophcrack users report that Ophcrack has several issues; for instance, it often crashes suddenly. Others report that on Windows 7 Ophcrack finds no tables. Even though Ophcrack claims a recovery rate of 90%, it may still be unable to find the password. For these problems, you may have to turn to an Ophcrack alternative for help.



9. Netcat

Netcat is a simple but useful tool for TCP, UDP and Unix-domain sockets. Netcat can listen on or connect to a specified socket easily. Netcat is a platform-independent command supported on Linux, Unix, Windows, BSD, macOS, etc.

Common use cases for netcat are:

  • Simple TCP proxy.
  • Shell script based HTTP clients and Servers.
  • Network daemon testing.
  • A SOCKS or HTTP Proxy Command for ssh.




Apart from these, you can verify what Netcat is doing with netstat:

The netstat command displays the TCP services waiting for connections on the local machine. Here we notice that the netcat program is listening on port 4444. The options of the netstat command are:

  • t – displays TCP connections
  • l – shows the services that are waiting for (listen) connections
  • n – disables name resolution for IP addresses and ports; we typically disable name resolution to eliminate the latency of the resolving process.
  • p – displays the name and PID of the network service process that awaits connections on the given port.

In the listing, 0.0.0.0:4444 in the Local Address column means that the service accepts connections on port 4444 on all IP addresses/interfaces available on the system.
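As an added example (not from the original article), the following Python parses a `netstat -tlnp` listing and flags services bound to all interfaces, which is the check a defender would run to catch an unexpected listener such as the netcat one on port 4444 discussed above. The netstat output is constructed for the example.

```python
"""Audit `netstat -tlnp` output for services exposed on all interfaces.

Added example, not from the original article. The netstat listing below is
constructed to mirror the article's scenario: a netcat (nc) listener on port
4444 bound to 0.0.0.0, which accepts connections on every interface.
"""
from dataclasses import dataclass
from typing import List, Optional, Set

# Constructed sample of `netstat -tlnp` output (not a real capture).
SAMPLE_NETSTAT = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      812/cupsd
tcp        0      0 0.0.0.0:4444            0.0.0.0:*               LISTEN      2310/nc
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      701/sshd
tcp6       0      0 :::80                   :::*                    LISTEN      955/apache2
"""


@dataclass
class Listener:
    proto: str
    address: str
    port: int
    pid: Optional[int]  # None when netstat prints "-" (PIDs need root to be shown)
    program: str


def parse_netstat(text: str) -> List[Listener]:
    """Parse the LISTEN rows of `netstat -tlnp` output into Listener records."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        # Data rows look like: proto recv-q send-q local foreign state pid/program
        if len(fields) < 7 or fields[5] != "LISTEN":
            continue
        proto, local, pid_prog = fields[0], fields[3], fields[6]
        # Local address is "addr:port"; IPv6 addresses contain colons,
        # so split on the last one (":::80" -> "::" and "80").
        address, _, port = local.rpartition(":")
        pid_str, _, program = pid_prog.partition("/")
        pid = int(pid_str) if pid_str.isdigit() else None
        listeners.append(Listener(proto, address, int(port), pid, program))
    return listeners


def exposed_listeners(listeners: List[Listener]) -> List[Listener]:
    """Listeners bound to all interfaces (0.0.0.0 for IPv4, :: for IPv6)."""
    return [l for l in listeners if l.address in ("0.0.0.0", "::")]


def unexpected_listeners(listeners: List[Listener], allowed_ports: Set[int]) -> List[Listener]:
    """Exposed listeners on ports that are not on the allow-list."""
    return [l for l in exposed_listeners(listeners) if l.port not in allowed_ports]


if __name__ == "__main__":
    found = parse_netstat(SAMPLE_NETSTAT)
    for l in unexpected_listeners(found, allowed_ports={22, 80}):
        print(f"unexpected listener: {l.proto} {l.address}:{l.port} ({l.program}, pid {l.pid})")
```

On a live system, feed the function the real output of `netstat -tlnp` (run as root so the PID/Program column is populated) instead of the sample string.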



10. Snort

Snort is an open source Network Intrusion Detection System (NIDS) that is available free of cost. A NIDS is the type of Intrusion Detection System (IDS) used to scan the information flowing across the network. There are also host-based intrusion detection systems, which are installed on a particular host and detect attacks targeted at that host only. Though intrusion detection techniques are still relatively new, Snort is ranked among the top-quality systems available today.

Snort was created by Martin Roesch. It is a packet sniffer that monitors network traffic in real time, scrutinizing every packet closely to detect a dangerous payload or suspicious anomalies.





Snort Rules

Snort rules define what counts as an attack or malicious activity. You can write rules with specific actions such as alert, log, drop the connection, etc. Rules have a simple syntax. You can also keep all the rules in a config file and edit it as needed for another system.


Snort has three different modes. These modes are:

  • Packet Sniffer
  • Packet Logger
  • NIPDS (Network Intrusion Prevention and Detection System)

Snort is built to detect various types of hacking and uses a flexible rules language to determine the types of network traffic that should be collected.

For Snort to work correctly, users must identify directories for use and perform calibrations to specify how the program should work in any of its three basic modes.
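To make the rule syntax discussed above concrete, here is an added example (not Snort's own code) of a minimal Snort-style rule matcher in Python. It parses the header and a few options of rules such as `alert tcp any any -> $HOME_NET 4444 (msg:"..."; sid:1000001; rev:1;)` and evaluates them against packet records; the $HOME_NET value, the rules and the packets are all constructed assumptions.

```python
"""Minimal Snort-style rule matcher, added as an example (not Snort's own code).

Supports a subset of the real syntax: the header "action proto src sport -> dst dport"
with 'any', CIDR addresses and the $HOME_NET variable (optionally negated with '!'),
plus the msg, sid, rev and content options. HOME_NET, rules and packets are constructed.
"""
import ipaddress
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

HOME_NET = ipaddress.ip_network("192.168.1.0/24")  # assumed lab network

RULE_RE = re.compile(r"^(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s+->\s+(\S+)\s+(\S+)\s*\((.*)\)\s*$")

@dataclass
class Rule:
    action: str  # alert, log, pass, drop, ...
    proto: str
    src: str
    sport: str
    dst: str
    dport: str
    options: Dict[str, str] = field(default_factory=dict)

def parse_rule(text: str) -> Rule:
    """Parse one rule line; raises ValueError on unsupported syntax."""
    m = RULE_RE.match(text.strip())
    if not m:
        raise ValueError(f"unsupported rule syntax: {text!r}")
    action, proto, src, sport, dst, dport, opts = m.groups()
    options = {}
    for opt in (o.strip() for o in opts.split(";")):  # "key:value;" pairs
        if opt:
            key, _, value = opt.partition(":")
            options[key.strip()] = value.strip().strip('"')
    return Rule(action, proto, src, sport, dst, dport, options)

def _addr_matches(spec: str, ip: str) -> bool:
    if spec == "any":
        return True
    negate = spec.startswith("!")
    spec = spec.lstrip("!")
    net = HOME_NET if spec == "$HOME_NET" else ipaddress.ip_network(spec, strict=False)
    return (ipaddress.ip_address(ip) in net) != negate

def _port_matches(spec: str, port: int) -> bool:
    return spec == "any" or int(spec) == port

def evaluate(rule: Rule, pkt: dict) -> Optional[str]:
    """Return the rule's action if the packet matches it, else None."""
    if pkt["proto"] != rule.proto:
        return None
    if not (_addr_matches(rule.src, pkt["src"]) and _port_matches(rule.sport, pkt["sport"])):
        return None
    if not (_addr_matches(rule.dst, pkt["dst"]) and _port_matches(rule.dport, pkt["dport"])):
        return None
    content = rule.options.get("content")  # payload substring, if the rule has one
    if content is not None and content.encode() not in pkt.get("payload", b""):
        return None
    return rule.action

def run_rules(rules: List[Rule], packets: List[dict]) -> List[Tuple[str, str, str]]:
    """Evaluate every rule against every packet; return (sid, msg, action) per hit."""
    hits = []
    for pkt in packets:
        for rule in rules:
            action = evaluate(rule, pkt)
            if action:
                hits.append((rule.options.get("sid", "?"), rule.options.get("msg", ""), action))
    return hits

def make_pkt(src, sport, dst, dport, payload=b""):
    """Build a constructed TCP packet record (not a capture)."""
    return {"proto": "tcp", "src": src, "sport": sport, "dst": dst, "dport": dport, "payload": payload}

# Constructed rules: one for inbound connections to the netcat port 4444 seen
# earlier in the article, one for a suspicious substring in outbound HTTP.
RULES = [parse_rule(r) for r in (
    'alert tcp any any -> $HOME_NET 4444 (msg:"Inbound connection to port 4444"; sid:1000001; rev:1;)',
    'alert tcp $HOME_NET any -> any 80 (msg:"HTTP request containing /etc/passwd"; content:"/etc/passwd"; sid:1000002; rev:1;)',
)]

PACKETS = [
    make_pkt("10.0.0.5", 51000, "192.168.1.10", 4444),
    make_pkt("192.168.1.10", 51001, "203.0.113.7", 80, b"GET /index.html HTTP/1.1\r\n"),
    make_pkt("192.168.1.10", 51002, "203.0.113.7", 80, b"GET /../../etc/passwd HTTP/1.1\r\n"),
]
```

Running `run_rules(RULES, PACKETS)` yields one hit per rule: the inbound connection to port 4444 and the HTTP request carrying the content string; the ordinary index.html request matches nothing.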


Note:

With these Kali Linux tools, you simply can't go wrong. All of them are sure to satisfy most of your networking needs. However, if we missed any essential Kali Linux tool, let us know in the comments and we'll update our list as soon as possible. Until then, give these Kali Linux tools a try and let us know your experiences and favourites. Keep reading, keep learning.



Thank you for reading this article. Do let me know for any queries in comment section below.



About Author

Akash is a co-founder and an aspiring entrepreneur who keeps a close eye on open source, tech giants, and security. Get in touch with him by sending an email (akashchugh1994@gmail.com).

