Shulou(Shulou.com)05/31 Report--

Today, I would like to share with you the relevant knowledge points of kali linux tools, which are detailed in content and clear in logic. I believe most people still know too much about this knowledge, so share this article for your reference. I hope you can get something after reading this article.

Kali linux tools are: 1, Nmap;2, Lynis;3, WPScan;4, Aircrack-ng;5, Hydra;6, Wireshark;7, Metasploit Framework;8, Skipfish;9, Maltego and so on.

The operating environment of this tutorial: Kali Linux 2021.4 system, Dell G3 computer.

Kali Linux is a Debian-based Linux distribution designed for digital forensics operating systems. Update every quarter. Maintained and funded by Offensive Security Ltd. It was first done by Offensive Security's Mati Aharoni and Devon Kearns by rewriting BackTrack, the Linux distribution they had previously written for forensics.

So what tools does kali linux have?

1 、 Nmap

Nmap (Network Mapper (Network Mapper)) is one of the most popular information gathering tools on Kali Linux. In other words, it can get information about the host: its IP address, operating system detection, and details of network security (such as the number of open ports and what they mean).

It also provides firewall avoidance and spoofing functions.

2 、 Lynis

Lynis is a powerful tool for security auditing, compliance testing, and system hardening. Of course, you can also use it for vulnerability detection and penetration testing.

It will scan the system based on the detected components. For example, if it detects Apache-- it runs Apache-related tests against the entry information.

3 、 WPScan

WordPress is one of the best open source CMS, and this tool is the best free WordpPress security audit tool. It is free, but not open source.

If you want to know if a WordPress blog is somewhat vulnerable, WPScan is your friend.

In addition, it provides you with details of the plug-ins you are using. Of course, a secure blog may not reveal many details, but it is still the best tool for WordPress security scans to find potential vulnerabilities.

4 、 Aircrack-ng

Aircrack-ng is a collection of tools for evaluating the security of WiFi networks. It is not limited to monitoring and access to information-it also includes the ability to destroy networks (WEP, WPA 1 and WPA 2).

If you forget your WiFi network password, you can try to use it to regain access. It also includes a variety of wireless attack capabilities that you can use to locate and monitor WiFi networks to enhance their security.

5 、 Hydra

If you are looking for an interesting tool to crack login passwords, Hydra will be one of the best pre-installed tools for Kali Linux.

It may no longer be actively maintained, but it is now on GitHub, so you can contribute to it, too.

6 、 Wireshark

Wireshark is the most popular network analyzer on Kali Linux. It can also be classified as one of the best Kali Linux tools for network sniffing.

It is under active maintenance, so I would certainly suggest you try it.

7 、 Metasploit Framework

Metsploit Framework (MSF) is the most commonly used penetration testing framework. It is available in two versions: an open source version and a professional version. Using this tool, you can verify vulnerabilities, test known vulnerabilities, and perform a complete security assessment.

Of course, the free version doesn't have all the features, so if you care about the difference between them, you should compare the versions here.

8 、 Skipfish

Similar to WPScan, but it doesn't just focus on WordPress. Skipfish is a Web application scanner that provides you with insights into almost all types of Web applications. It is fast and easy to use. In addition, its recursive crawling method makes it easier to use.

The reports generated by Skipfish can be used for professional Web application security assessment.

9 、 Maltego

Maltego is an impressive data mining tool for analyzing information online and connecting information points, if any. Based on this information, it creates a directed graph to help analyze the links between the data.

Please note that this is not an open source tool.

It is preinstalled, but you must register to select the version you want to use. For personal use, the community version is sufficient (you only need to sign up for an account), but if you want to use it for commercial purposes, you need to subscribe to the classic or XL version.

10 、 Nessus

If your computer is connected to the network, Nessus can help you find vulnerabilities that potential attackers may exploit. Of course, if you are the administrator of multiple computers connected to the network, you can use it and protect those computers.

However, it is no longer a free tool, and you can try it for free from the official website for 7 days.

11 、 Burp Suite Scanner

Burp Suite Scanner is an excellent network security analysis tool. Unlike other Web application security scanners, Burp provides GUI and some advanced tools.

The Community Edition only limits functionality to basic manual tools. For professionals, you must consider upgrading. Similar to the previous tools, this is not open source.

I have used the free version, but if you want more details, you should check out the features available on their official website.

12 、 BeEF

BeEF (browser Utilization Framework (Browser Exploitation Framework)) is another impressive tool. It is tailored for penetration testers to evaluate the security of Web browsers.

This is one of the best Kali Linux tools because many users want to know and fix client-side problems when talking about Web security.

13 、 Apktool

Apktool is indeed one of the popular tools on Kali Linux for reverse engineering Android applications. Of course, you should use it correctly-for educational purposes.

Using this tool, you can try it yourself and let the original developer know what you think. What do you think you're going to do with it?

14 、 sqlmap

If you are looking for an open source penetration testing tool-sqlmap is one of the best. It automates the process of exploiting SQL injection vulnerabilities and helps you take over the database server.

15 、 John the Ripper

John the Ripper is a popular password cracking tool on Kali Linux. It is also free and open source. However, if you are not interested in Community Enhancement, you can use it as a professional version for commercial use.

16 、 Snort

Do you want real-time traffic analysis and packet logging? Snort can give you your full support. Even if it is an open source intrusion prevention system, there are many things to offer.

If you haven't already installed it, the official website mentions the installation process.

17 、 Autopsy Forensic Browser

Autopsy is a digital forensics tool used to investigate what is happening on a computer. Well, you can also use it to recover images from a SD card. It is also used by law enforcement officials. You can read the documentation to explore what you can do with it.

You should also check their GitHub page.

18 、 King Phisher

Phishing attacks are now very common. King Phisher tools can help test and raise user awareness by simulating real phishing attacks. For obvious reasons, you need to get permission before simulating an organization's server content.

19 、 Nikto

Nikto is a powerful Web server scanner-which makes it one of the best Kali Linux tools. It checks for potentially dangerous files / programs, outdated server versions, and so on.

20 、 Yersinia

Yersinia is an interesting framework for performing layer 2 attacks on the network (layer 2 refers to the data link layer of the OSI model). Of course, if you want your network to be secure, you must consider all seven layers. However, this tool focuses on layer 2 and various network protocols, including STP, CDP,DTP, and so on.

21. Social Engineering Toolkit (SET)

If you are conducting a fairly rigorous penetration test, this should be one of the best tools you should check. Social engineering is a big problem, and with SET tools, you can help prevent such attacks.

These are all the contents of this article entitled "what are the tools of kali linux?" Thank you for reading! I believe you will gain a lot after reading this article. The editor will update different knowledge for you every day. If you want to learn more knowledge, please pay attention to the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.