The 20 Kali Linux penetration tools discussed in this article are selected based on the
<span>most commonly used</span>and<span>most favored</span>criteria. Therefore, some excellent tools may not be included. If you have better suggestions, please leave a comment for us to make corrections!

Information Gathering Tools
01 traceroute
<span>traceroute</span> is a tool used to detect the number of gateways between the host sending the data packets and the target host. The principle of <span>traceroute</span> is to attempt to send probe packets with the minimum TTL (Time to Live) to trace the gateways that the packets pass through to reach the target host, and then listen for a response from the gateway’s ICMP.
traceroute bbskali.cn

The IP address hops listed above also include my current Internet service provider and the router gateway. This scanning step covers the range of public IP addresses.
02 nmap
Nmap is a well-known network scanning tool. In previous articles, we have many tutorials on this topic, which you can check out if interested. After obtaining the IP address using <span>traceroute</span>, we can use nmap to obtain the corresponding ports and services.
Nmap -v -sS [target IP you want] -Pn

Post-Exploitation Tools
03 Msfconsole
Many of you must have used this; indeed, it is one of the most highly rated tools under Kali Linux. Exploitation can be defined as the identification of vulnerabilities in systems, applications, or services by an attacker. An exploit has four main attributes: payload, Auxiliary, Encoders, and Post.

The specific usage of the tool will not be discussed here.::bli:dog::
Sniffing and Spoofing Tools
04 wireshark
Wireshark is a network analysis tool. By displaying filtered packets, attackers can capture exposed passwords. It can also display results related to specified ports and ICMP traffic.

05 Bettercap
With Bettercap, you can bypass HSTS preloading, HSTS, and SSL/TLS using SSLstrip+ and dns2proxy (DNS server). It redirects clients accessing specific domain names to fake domain names through HTTP redirection.
06 Social Engineering Toolkit (SET)
SET is an open-source penetration framework that implements various custom attack vectors during its execution. These include mass email, spear phishing, phishing, and malicious USB.

WIFI Security Tools
07 fluxion
Fluxion targets users through its created open dual AP. Users need to connect to the set Wi-Fi network instance, which will cause a pop-up of a forged authentication network page. The user then unknowingly inputs the Wi-Fi password, achieving the purpose of <span>phishing</span>.

08 Aircrack-NG Suite
Aircrack-NG can be considered a god-like existence; no matter what kind of WiFi attack method, it is indispensable.

Password Cracking
09 Hydra
It is an online password cracking service. This password attack tool is rated as one of the fastest tools in the field of cybersecurity. Its support for many attack protocols makes it a reputable network login cracker. Some of its notable and supported protocols include XMPP, Cisco AAA, VNC, Cisco Auth, VMware-auth, Cisco-auth, Telnet, CVS, Teamspeak (TS2), FTP, Subversion, SSHKEY, SOCKS5, SMTP Enum, SMTP, SIP, Rlogin, RDP, PostgreSQL, ORACLE SID, ORACLE Listener, HTTP(S)-HEAD, and HTTP(S)-FORM-GET. Example:
hydra -l user -P passlist.txt ftp://192.168.0.1

10 John
John is a well-known offline password cracking service. John the Ripper can effectively crack programs and test passwords. Its functional algorithm can be broken down into three steps. First, it pre-packages and combines the functions of multiple password cracking programs at once. Second, it automatically detects the hash value of the target password. Finally, it integrates a custom password cracker to complete the attack. For example, Linux systems will have user passwords in the file path /etc/password.

11 Crunch
Crunch can be considered a lightweight password dictionary generation tool that generates the passwords we need through various combinations.
crunch <min> max<max> <characterset> -t <pattern> -o <output filename>
12 Hash-Identifier and FindMyHash
Weakly encrypted user passwords or data will become victims of hash identifier password attacks, as hash identifier tools will identify and expose various hashes associated with them. On the other hand, Findmyhash will utilize online services to successfully crack encrypted user data and passwords. The use of the Hash-Identifier tool first requires penetration testers or attackers to identify the relevant user password or data hash type. It will decrypt the provided data or password and identify the hash algorithm used. Next, the Findmyhash tool will crack the provided user data or password.

Database Tools
13 sqlmap
Utilize the SQLMap tool to quickly automate the completion of websites with SQL injection vulnerabilities.

Web Related Tools
14 JoomScan and WPScan
The JoomScan tool scans and analyzes Joomla CMS web applications. In contrast, the WPScan tool scans and analyzes any vulnerabilities on WordPress CMS web applications. Tools like CMSMap and ONLINE CMS Scanner can easily identify the CMS type of the target website.

15 HTTRACK
HTTRACK can effectively clone web pages or websites. It is mainly used to create fake website clones or server attacks through phishing.
16 OWASP-ZAP
Java-based platform for testing web applications. It features an intuitive GUI with attack, spider, fuzz testing, proxy, and scripting capabilities for web applications.

17 BurpSuite
The main function is to act as a proxy interceptor, allowing it to hijack the traffic between web servers and web browsers. Of course, it is also an indispensable tool!

18 Web Vulnerability Scanner Nikto
Mainly assesses web applications and web servers, exposing obvious security vulnerabilities or other related issues.

19 dirb
dirb is a web directory crawling tool. It mainly identifies the directories of web programs, such as obtaining the backend directory of a website.

20 WhatWeb
WhatWeb is a web fingerprinting tool that can obtain the CMS framework of web programs and various web environments.

Collection of Cybersecurity Tools
https://wlxq.wxctf.com
