🐉 Kali Linux Tools - Complete Guide

Every tool in Kali Linux explained - what they do, when to use them, and how they work.

⚖️ LEGAL & ETHICAL USE ONLY

Kali Linux tools are for authorized security testing only. Use only on systems you own or have explicit permission to test.

📋 Tool Categories Overview

Information Gathering: Reconnaissance and intelligence collection (46+ tools)
Vulnerability Analysis: Finding and assessing security flaws (35+ tools)
Web Application Analysis: Testing websites and web apps (52+ tools)
Database Assessment: Database security testing (5+ tools)
Password Attacks: Cracking and testing passwords (23+ tools)
Wireless Attacks: Wi-Fi and Bluetooth testing (28+ tools)
Reverse Engineering: Analyzing binaries and malware (37+ tools)
Exploitation Tools: Exploiting found vulnerabilities (38+ tools)
Sniffing & Spoofing: Network traffic analysis (29+ tools)
Post Exploitation: Maintaining access after compromise (19+ tools)
Forensics: Digital investigation (44+ tools)
Reporting Tools: Documentation and reporting (8+ tools)

🕵️ INFORMATION GATHERING

DNS Enumeration Tools

| Tool | Purpose | When to Use | Technical Details |
| --- | --- | --- | --- |
| dnsenum | Comprehensive DNS enumeration | Initial recon on a domain | Performs zone transfers, brute forces subdomains, reverse lookups, Google scraping |
| dnsrecon | Advanced DNS reconnaissance | When dnsenum is blocked or you need more stealth | Multi-threaded, checks for zone transfers, cache snooping, SRV records, SPF |
| fierce | DNS brute forcer | Finding non-public subdomains | Uses dictionary attacks, attempts zone transfers, can traverse IP ranges |
| dnswalk | DNS zone checker | Checking DNS zone integrity | Performs diagnostic queries to check for common DNS misconfigurations |

Network Discovery Tools

| Tool | Purpose | When to Use | Technical Details |
| --- | --- | --- | --- |
| nmap | Network mapper | Always - the Swiss Army knife | Raw packet crafting, OS detection (-O), service version detection (-sV), script engine (-sC) |
| masscan | Ultra-fast port scanner | Scanning large networks quickly | Asynchronous transmission, can scan entire Internet in minutes, uses own TCP stack |
| netdiscover | ARP-based discovery | Local network discovery | Active/passive ARP reconnaissance, finds devices even with firewall, no IP needed |
| autoscan | Network automapper | Automatic network documentation | GUI tool that automatically discovers and maps networks, uses multiple techniques |

🎯 VULNERABILITY ANALYSIS

Vulnerability Scanners

| Tool | Purpose | When to Use | Technical Details |
| --- | --- | --- | --- |
| OpenVAS | Comprehensive vulnerability scanner | Full enterprise security assessment | 50,000+ NVTs, authenticated/unauthenticated checks, CVE correlation, Greenbone frontend |
| Nikto | Web server scanner | Quick web server checks | 6700+ dangerous files/CGIs, checks for outdated versions, host header injection |
| Lynis | Unix security auditing | Hardening Linux/Unix systems | Checks 300+ security controls, file permissions, kernel parameters, authentication |
| skipfish | Web application scanner | Deep web app security testing | Recursive crawler, differential security checks, heuristic web application checks |

🌐 WEB APPLICATION ANALYSIS

Web Proxies & Interceptors

| Tool | Purpose | When to Use | Technical Details |
| --- | --- | --- | --- |
| Burp Suite | Web penetration testing platform | Professional web app testing | Proxy, scanner, intruder, repeater, decoder, collaborator, extensible with BApps |
| OWASP ZAP | Integrated penetration tester | Open-source alternative to Burp | Automated scanner, REST API, websocket support, traditional/headless modes |
| mitmproxy | Interactive TLS-capable proxy | API testing, mobile app testing | SSL/TLS interception, scriptable with Python, replay attacks, traffic manipulation |
| sqlmap | Automatic SQL injection | Testing for SQLi vulnerabilities | 6 inference techniques, DB fingerprinting, data extraction, OS shell access |

🔓 PASSWORD ATTACKS

Password Cracking Tools

| Tool | Purpose | When to Use | Technical Details |
| --- | --- | --- | --- |
| John the Ripper | Password cracker | Cracking Unix/Linux passwords | Wordlist, incremental, single crack modes, 400+ hash types, rule-based attacks |
| Hashcat | Advanced password recovery | GPU-accelerated cracking | 300+ hash types, OpenCL/CUDA, hybrid attacks, mask attacks, rule engine |
| hydra | Network login cracker | Brute forcing network services | 50+ protocols, parallel attacks, flexible login/pass attempts, restore sessions |
| crunch | Wordlist generator | Creating custom wordlists | Pattern-based generation, character sets, permutations, statistical patterns |

📶 WIRELESS ATTACKS

Wi-Fi Security Tools

| Tool | Purpose | When to Use | Technical Details |
| --- | --- | --- | --- |
| Aircrack-ng | Wi-Fi security suite | Complete wireless testing | Monitor mode, packet injection, WEP/WPA cracking, deauthentication attacks |
| Kismet | Wireless detector/sniffer | Wireless reconnaissance | Passive detection, hidden SSID discovery, client probing, GPS mapping |
| fern-wifi-cracker | GUI wireless cracker | Beginner-friendly Wi-Fi testing | Automated WEP/WPA attacks, session management, wordlist integration |
| wifite | Automated wireless auditor | Automated penetration testing | Automates Aircrack-ng, Reaver, Pyrit, attacks all networks or targets |

💣 EXPLOITATION TOOLS

Exploitation Frameworks

| Tool | Purpose | When to Use | Technical Details |
| --- | --- | --- | --- |
| Metasploit | Exploitation framework | After finding vulnerabilities | 2000+ exploits, 500+ payloads, auxiliary modules, post-exploitation, evasion |
| Armitage | Metasploit GUI | Visual attack management | Visual network graph, automated attacks, team collaboration, Cortana scripting |
| BeEF | Browser exploitation | Client-side attacks | Hooks browsers via XSS, command module, social engineering, network recon |
| searchsploit | Exploit-DB search | Finding exploits for specific vulns | Offline Exploit-DB mirror, filters by platform/type, copy to working directory |

📡 SNIFFING & SPOOFING

Network Analysis Tools

| Tool | Purpose | When to Use | Technical Details |
| --- | --- | --- | --- |
| Wireshark | Network protocol analyzer | Deep packet inspection | 3000+ protocols, live capture, offline analysis, decryption, VoIP analysis |
| ettercap | MITM attacks | Network interception | ARP poisoning, DNS spoofing, SSL stripping, packet filtering, credential sniffing |
| driftnet | Image capturer | Visual network monitoring | Extracts images from TCP streams, displays in real-time, HTTP/email images |
| macchanger | MAC address changer | MAC spoofing/obfuscation | Changes MAC addresses, random/vendor-specific, maintains original if needed |

🔍 FORENSICS TOOLS

Digital Forensics

| Tool | Purpose | When to Use | Technical Details |
| --- | --- | --- | --- |
| Autopsy | Digital forensics platform | Complete forensic investigation | File system analysis, timeline, hash filtering, keyword search, web artifacts |
| volatility | Memory forensics | RAM analysis | Process listing, network connections, DLLs, registry, malicious code detection |
| binwalk | Firmware analysis | Embedded device forensics | File extraction, entropy analysis, signature scanning, compression detection |
| foremost | File carver | Recovering deleted files | Header/footer carving, file type detection, raw recovery from disk images |

🛠️ REVERSE ENGINEERING

Binary Analysis Tools

| Tool | Purpose | When to Use | Technical Details |
| --- | --- | --- | --- |
| Ghidra | Reverse engineering suite | NSA-grade RE | Decompiler, disassembler, scripting, collaborative analysis, processor modules |
| radare2 | Binary analysis framework | Command-line RE | Disassembler, debugger, hex editor, scripting, esoteric architectures |
| ollydbg | Windows debugger | Windows executable analysis | Assembler-level analysis, breakpoints, tracing, plugin architecture |
| edb-debugger | Cross-platform debugger | Linux binary analysis | GDB-like features with GUI, memory/register views, binary patching |

💾 POST EXPLOITATION

Post-Compromise Tools

| Tool | Purpose | When to Use | Technical Details |
| --- | --- | --- | --- |
| Meterpreter | Advanced payload | After successful exploitation | Memory-resident, encrypted communication, file system access, keylogging |
| Empire | Post-exploitation framework | Lateral movement and persistence | PowerShell agents, credential harvesting, privilege escalation modules |
| p0f | OS fingerprinting | Identifying compromised systems | Passive fingerprinting, TCP/IP stack analysis, NAT detection, uptime |
| weevely | Web shell | Maintaining web access | PHP backdoor, file management, SQL console, reverse shells |

📊 REPORTING TOOLS

Documentation & Reporting

| Tool | Purpose | When to Use | Technical Details |
| --- | --- | --- | --- |
| Dradis | Collaboration/reporting | Team penetration tests | Centralized repository, note-taking, evidence collection, report generation |
| MagicTree | Data consolidation | Organizing test results | XML-based data storage, query language, reporting templates, graphing |
| Metagoofil | Metadata collector | Information gathering phase | Extracts metadata from documents, identifies users, software versions |
| faraday | Integrated pentest environment | Enterprise penetration testing | Multi-user, vulnerability management, real-time collaboration, plugins |

🔧 DATABASE ASSESSMENT

Database Security Tools

| Tool | Purpose | When to Use | Technical Details |
| --- | --- | --- | --- |
| sqlninja | SQL Server exploitation | MSSQL-specific attacks | Remote command execution, privilege escalation, backdoor installation |
| sqlsus | MySQL injection | MySQL database testing | Automatic injection, database cloning, file reading/writing |
| BBQSQL | Blind SQL injection | When errors are not displayed | Time-based and boolean blind SQLi, automatic detection, customizable |
| jsql-injection | Java SQL injection | Cross-platform SQL testing | Java-based, multi-threaded, database fingerprinting, data extraction |

🎓 LEARNING RESOURCES

Official Kali Documentation: https://www.kali.org/docs/
Kali Tools Listing: https://www.kali.org/tools/
Offensive Security Courses: https://www.offensive-security.com/
Practice Labs: Hack The Box, TryHackMe, VulnHub
