Kali Tools Descriptions
Last updated: Dec 03, 2016
I created this because I wanted a way to see all of the tools installed on Kali and a short description. It is based on the tool listing here: http://tools.kali.org/tools-listing. I plan on adding a few every day until it is completed. I also plan on writing a script to check when something on the page has changed so this will remain up to date.
Table of Contents
- Information Gathering
- Vulnerability Analysis
- acccheck - The tool is designed as a password dictionary attack tool that targets Windows authentication via the SMB protocol. It is really a wrapper script around the ‘smbclient’ binary, and as a result is dependent on it for its execution.
- ace-voice - ACE (Automated Corporate Enumerator) is a simple yet powerful VoIP Corporate Directory enumeration tool that mimics the behavior of an IP Phone in order to download the name and extension entries that a given phone can display on its screen interface.
- Amap - Amap was the first next-generation scanning tool for pentesters. It attempts to identify applications even if they are running on a different port than normal.
- Automater - Automater is a URL/Domain, IP Address, and MD5 hash OSINT tool aimed at making the analysis process easier for intrusion analysts. Given a target (URL, IP, or hash) or a file full of targets, Automater will return relevant results from sources like the following: IPvoid.com, Robtex.com, Fortiguard.com, unshorten.me, Urlvoid.com, Labs.alienvault.com, ThreatExpert, VxVault, and VirusTotal.
- bing-ip2hosts - Bing has a unique feature to search for websites hosted on a specific IP address. Bing-ip2hosts uses this feature to enumerate all hostnames which Bing has indexed for a specific IP address.
- braa - Braa is a mass SNMP scanner.
- CaseFile - CaseFile is the little brother to Maltego. It targets a unique market of ‘offline’ analysts whose primary sources of information are not gained from the open-source intelligence side or cannot be programmatically queried.
- CDPSnarf - CDPSnarf is a network sniffer exclusively written to extract information from CDP packets.
- cisco-torch - discover remote Cisco hosts running Telnet, SSH, Web, NTP and SNMP services and launch dictionary attacks against the services discovered.
- Cookie Cadger - helps identify information leakage from applications that utilize insecure HTTP GET requests.
- copy-router-config - Copies configuration files from Cisco devices running SNMP.
- DMitry - DMitry has the ability to gather as much information as possible about a host. Base functionality is able to gather possible subdomains, email addresses, uptime information, TCP port scan, whois lookups, and more.
- dnmap - a framework to distribute nmap scans among several clients.
- dnsenum - Multithreaded Perl script to enumerate DNS information of a domain and to discover non-contiguous IP blocks.
- dnsmap - a subdomain brute-forcer
- DNSRecon - a DNS enumeration script
- dnstracer - determines where a given Domain Name Server (DNS) gets its information from for a given hostname, and follows the chain of DNS servers back to the authoritative answer.
- dnswalk - performs zone transfers of specified domains, and checks the database in numerous ways for internal consistency, as well as accuracy.
- DotDotPwn - intelligent fuzzer to discover directory traversal vulnerabilities in software such as HTTP/FTP/TFTP servers, Web platforms such as CMSs, ERPs, Blogs, etc.
- enum4linux - a tool for enumerating information from Windows and Samba systems.
- enumIAX - an Inter Asterisk Exchange protocol username brute-force enumerator
- Fierce - a semi-lightweight scanner that helps locate non-contiguous IP space and hostnames against specified domains. It's really meant as a precursor to nmap, unicornscan, nessus, nikto, etc., since all of those require that you already know what IP space you are looking for.
- Firewalk - an active reconnaissance network security tool that attempts to determine what layer 4 protocols a given IP forwarding device will pass.
- fragroute - intercepts, modifies, and rewrites egress traffic destined for a specified host.
- fragrouter - a network intrusion detection evasion toolkit.
- Ghost Phisher - a Wireless and Ethernet security auditing and attack software program written using the Python Programming Language and the Python Qt GUI library. The program is able to emulate access points and deploy.
- GoLismero - an open source framework for security testing. It's currently geared towards web security, but it can easily be expanded to other kinds of scans.
- goofile - search for a specific file type in a given domain.
- hping3 - inspired by the ping(8) Unix command, but hping isn't only able to send ICMP echo requests. It supports TCP, UDP, ICMP and RAW-IP protocols, has a traceroute mode, the ability to send files over a covert channel, and many other features.
- inTrace - a traceroute-like application that enables users to enumerate IP hops exploiting existing TCP connections, whether initiated from the local network (local system) or from remote hosts. It could be useful for network reconnaissance and firewall bypassing.
- iSMTP - Test for SMTP user enumeration (RCPT TO and VRFY), internal spoofing, and relay.
- lbd - detects if a given domain uses DNS and/or HTTP Load-Balancing
- Maltego Teeth - allows penetration testers and attackers to use powerful tools for SQL injection, password breaking, and vulnerability detection through a graphical interface.
- masscan - the fastest Internet port scanner. It can scan the entire Internet in under 6 minutes, transmitting 10 million packets per second.
- Metagoofil - an information gathering tool designed for extracting metadata of public documents (pdf, doc, xls, ppt, docx, pptx, xlsx) belonging to a target company.
- Miranda - Miranda is a Python-based Universal Plug-N-Play client application designed to discover, query and interact with UPnP devices, particularly Internet Gateway Devices (aka routers). It can be used to audit UPnP-enabled devices on a network for possible vulnerabilities.
- Nmap - a free and open source utility for network discovery and security auditing.
- Ntop - a tool that shows the network usage, similar to what the popular top Unix command does.