Explore tools

Cuckoo, also recognized as a malware analysis automation system, is an open-source platform tailored for automated malware analysis. Cuckoo proves invaluable in security assessments and research, offering capabilities for identifying and analyzing malware behavior, vulnerabilities, and network activity. When paired with Kali Linux, the preferred operating system for penetration testing, Cuckoo emerges as an essential tool for identifying and understanding malicious threats. In this post, we'll delve into Cuckoo's functionalities, provide instructions on how to install it on Kali Linux, and discuss efficient utilization techniques for automated malware analysis.

Digital Evidence Investigator (DEI) is a comprehensive forensic software solution developed by Magnet Forensics, designed to assist digital investigators in analyzing and extracting evidence from various digital sources. When combined with the versatile penetration testing distro Kali Linux, DEI becomes an invaluable tool for forensic professionals, law enforcement agencies, and cybersecurity experts. Below, we'll delve into the features, installation process, and how to effectively use Digital Evidence Investigator on Kali Linux.

Foremost, also referred to as a digital forensic tool, is an open-source program designed for file recovery and data carving. Foremost proves invaluable in digital investigations, aiding in the extraction of files from various storage media, even if metadata is lost or damaged. When integrated with Kali Linux, the preferred operating system for penetration testing and forensic analysis, Foremost emerges as an indispensable tool. In this post, we'll explore Foremost's functionalities, provide instructions on how to install it on Kali Linux, and discuss efficient utilization techniques for file recovery in digital forensics.

Volatility, also recognized as a versatile memory forensics framework, is an open-source tool invaluable for digital forensics investigations and memory analysis. When integrated with Kali Linux, the premier operating system for penetration testing and forensic analysis, Volatility emerges as a crucial asset for extracting valuable information from volatile memory dumps. In this article, we'll delve into Volatility's capabilities, provide guidelines for its installation on Kali Linux, and outline efficient utilization techniques for memory analysis in digital forensics.

Acunetix is a robust web vulnerability scanner designed to identify security vulnerabilities and weaknesses within web applications and websites. When integrated with Kali Linux, a widely-used platform for penetration testing, Acunetix becomes an indispensable tool for security professionals and enthusiasts alike. Here, we'll explore its features, installation process, and how to effectively utilize Acunetix on Kali Linux.

Suricata, also recognized as a versatile Intrusion Detection System (IDS), serves as an open-source solution vital for security assessments and network investigations. When integrated with Kali Linux, the premier operating system for penetration testing, Suricata emerges as an indispensable asset for discerning hosts, services, and potential vulnerabilities. In this article, we'll delve into Suricata's functionalities, provide guidelines for its installation on Kali Linux, and outline efficient utilization techniques.

Detectify is a robust web security scanner designed to help users identify vulnerabilities and security issues within web applications, APIs, and web infrastructure. When integrated with Kali Linux, a renowned platform for penetration testing, Detectify becomes a valuable asset for security professionals and enthusiasts alike. Here, we'll explore its features, installation process, and how to effectively utilize Detectify.

Snort, also known as Intrusion Detection System (IDS), is an open-source tool widely used for security monitoring and threat detection in network environments. Snort proves invaluable in identifying suspicious network activity, potential intrusions, and vulnerabilities, particularly when integrated with Kali Linux, the preferred operating system for penetration testing. In this article, we'll explore the features, installation steps for Snort on Kali Linux, and efficient utilization of its capabilities.

Zabbix is a robust and versatile open-source monitoring solution that provides real-time insights into the performance and availability of IT infrastructure components. When paired with Kali Linux, a renowned platform for penetration testing, Zabbix becomes an essential tool for monitoring network devices, servers, applications, and services. Here, we'll explore its features, installation process, and how to effectively utilize Zabbix on Kali Linux.

With the assistance of Nagios, a renowned monitoring system, users can oversee and track the health and performance of their IT infrastructure. When integrated with Kali Linux, a widely-used platform for penetration testing, Nagios becomes an invaluable asset for monitoring network resources, services, and systems. Below, we'll delve into Nagios' features, installation process, and how to effectively utilize it on Kali Linux.

Netcat, also known as "nc", is a powerful networking tool available in the public domain. It is suitable for security auditing and network investigation. Combined with the Kali Linux operating system, which is the preferred operating system for penetration testing, Netcat becomes an indispensable tool for identifying hosts, services and potential vulnerabilities. In this article, we will look at its capabilities, how to install Netcat on Kali Linux, and how to use this tool effectively.

For network investigation and security evaluations, Bettercap is a feature-rich and adaptable penetration testing application.

Penetration testers frequently utilise Ettercap, a potent network analysis tool, for security evaluations. This adaptable tool has several characteristics that make it a valuable addition to any cybersecurity professional's toolkit:

Dsniff is a set of potent tools for penetration testing and network audits. It is intended to intercept and examine network traffic, giving security experts information about possible openings and gaps in network settings.

T50 is an effective tool for stress testing and testing network equipment, including intrusion detection systems, firewalls, and routers. In order to evaluate the functionality, security, and stability of network infrastructures, it generates a considerable amount of network traffic.

A network tool called Yersinia is made expressly for examining and assessing network protocols and their weaknesses. This tool, which bears the name of the plague-causing bacteria Yersinia pestis, focuses on a variety of network-layer assaults, including attacks against network protocols including DHCP, STP, and VLAN.

A specialised tool called THC-SSL-DoS is used to evaluate the security and performance of SSL/TLS services. The Hacker's Choice (THC) created it, and its main objective is to overwhelm servers with a large number of specially constructed SSL/TLS handshakes in order to attack weaknesses in SSL/TLS implementations.

Wrk is a contemporary HTTP benchmarking tool used to gauge server and web application performance. It is notable for being multithreaded and for being able to put a heavy strain on web servers in order to mimic real-world situations.

A powerful command-line programme called Siege is intended for server and web application benchmarking and stress testing. By simulating concurrent user activity, testers may evaluate a system's capacity to manage heavy traffic and spot performance bottlenecks.

Hping is a flexible command-line tool for penetration and network testing. Its many capabilities make it an excellent option for network managers and security specialists.

A straightforward yet powerful tool for locating rootkits on Unix-based systems is called Chkrootkit. Malicious software called rootkits can undermine a system's security by granting unauthorised access and disguising their existence.

A potent digital forensics tool for timeline analysis is Plaso, sometimes called log2timeline. It is particularly good at making super-timelines, which provide investigators a chronological rundown of everything that has happened on a system.

Guymager is a potent imaging tool made for data gathering and digital forensics.

With its extensive feature set for examining disc images and file systems, Autopsy is a potent digital forensics tool.

Developed for Kali Linux, Airgeddon is a potent and adaptable wireless security evaluation tool. It provides penetration testers and security experts with an extensive set of skills and is jam-packed with features.

Among the tools available in Kali Linux, Ghost Phisher is unique in that it is made specifically for creating and carrying out simulated Wi-Fi assaults. Ghost Phisher is a tool for security experts and ethical hackers that provides capabilities specifically designed for penetration testing and social engineering situations.

With Kali Linux in mind, Wifite is a potent and adaptable wireless auditing tool. Its features simplify the process of locating and evaluating vulnerabilities in Wi-Fi networks, meeting the demands of security experts and penetration testers.

A powerful and intuitive tool for evaluating wireless network security is Fern WiFi Cracker. Its many features enable cybersecurity experts and ethical hackers to find weaknesses in Wi-Fi networks and strengthen them.

Emerging as a formidable weapon in Kali Linux's toolbox, Fluxion focuses on taking advantage of flaws in Wi-Fi security standards.

In the field of wireless network security, Kismet is a powerful tool that enables cybersecurity experts and ethical hackers to evaluate and strengthen the security of wireless infrastructures.

Reaver is a strong and specialised tool made for breaking into Wi-Fi networks and using flaws in the Wi-Fi Protected Setup (WPS) protocol to test network security.

Patator is a flexible and expandable vulnerability assessment and brute-force tool for evaluating the security of different services and systems. It is a useful tool for penetration testers and security experts as it supports a variety of protocols and attack kinds.

An extensive toolkit for auditing wireless networks is called Aircrack-ng. It is frequently used to evaluate the security of Wi-Fi networks and carry out other wireless security-related operations. Here are a few of Aircrack-ng's salient characteristics:

Ncrack is a strong and adaptable network authentication cracking tool used to evaluate network service security. It is designed especially for using brute-force attacks to find weak credentials and is a component of the Nmap Project.

When it comes to attacking hashed passwords, Hashcat is a highly effective and adaptable password cracking tool. It is notable for its effectiveness and speed, especially when utilising the processing capacity of graphics processing units (GPUs).

A powerful and adaptable brute-force assault tool for penetration testing and security evaluations is called Medusa. Because of its capabilities, cybersecurity experts looking to evaluate the robustness of authentication techniques will find it to be a useful tool.

A popular open-source password cracking programme is called John the Ripper, or just known as John. Its purpose is to find weak passwords by using different attack techniques.

Penetration testers and security experts utilise Hydra, a strong and adaptable password-cracking tool, to launch online assaults on a range of login-based systems. Its extensive support for many protocols and services renders it an invaluable tool for security evaluations.

A potent open-source penetration testing tool called SQLMap was created expressly to find and take advantage of SQL injection flaws in online applications. When performing assessments on online applications, penetration testers and security experts need to have this tool in their toolbox.

Sn1per is a potent reconnaissance and vulnerability scanning application made for Kali Linux users by penetration testers and security experts. Sn1per, which is jam-packed with functionality, simplifies the information-gathering stage of security assessments and ethical hacking. The following crucial characteristics of Sn1per make it an essential penetration testing tool:

A specialised open-source intelligence (OSINT) programme called Metagoofil is made to extract metadata from documents that are made available to the public. Designed specifically for Kali Linux,

OsintFramework is a powerful web-based tool that provides a multitude of capabilities to enable those involved in open-source intelligence (OSINT) activities:

An effective open-source intelligence (OSINT) tool for gathering important data from a variety of sources is theHarvester.

Maltego is a powerful open-source intelligence (OSINT) instrument intended for data mining and reconnaissance. Its graphical user interface, which offers a simple method of visualising and analysing correlations between different data points, makes it stand out.

An open-source intelligence (OSINT) automation programme called SpiderFoot is intended for information collecting and reconnaissance. This adaptable architecture helps investigators, penetration testers, and cybersecurity experts gather and examine data from many sources to build a complete picture of a target. Here's an exploration of SpiderFoot's key features and functionalities:

For information collection and online reconnaissance, Recon-ng is a strong and adaptable open-source reconnaissance framework. It has a modular framework that makes it possible for penetration testers and security experts to carry out exhaustive investigations.

As a complete solution for web application security testing, Burp Suite stands out and is an essential addition to penetration testers' and security experts' toolkits. When combined with Kali Linux, the go-to distribution for penetration testing, Burp Suite turns into a vital tool for finding security holes and protecting online apps. We'll look at the features, how to install Burp Suite on Kali Linux, and how to use it in this article.

A graphical programme called DirBuster is intended for brute-forcing web application directories. When DirBuster is combined with Kali Linux, a penetration testing distribution of choice, it becomes an invaluable tool for locating hidden folders and possible security holes in web applications. We'll go over the features, how to install DirBuster on Kali Linux, and how to use it efficiently in this article.

A command-line utility called Gobuster is made for brute-forcing files and directories in online applications. Integrating Gobuster into Kali Linux—a system that is frequently used for penetration testing—makes it a valuable tool for locating possible weaknesses and undiscovered pathways in online applications. We'll explore Gobuster's features, installation procedure, and efficient Kali Linux usage in this article.

Nmap, sometimes known as Network Mapper, is an open-source programme that is useful for security audits and network research. Nmap becomes an indispensable tool for identifying hosts, services, and possible vulnerabilities when used in conjunction with Kali Linux, the operating system of choice for penetration testing. We'll go over the features, how to install Nmap on Kali Linux, and how to use it efficiently in this post.

With the help of the robust and popular network protocol analyzer Wireshark, users may record and examine data as it moves across a network. When combined with the well-known penetration testing distro Kali Linux, Wireshark turns into a priceless resource for both security experts and hobbyists. We'll go over the features, how to install it, and how to use Wireshark on Kali Linux in this post.

An open-source security tool called OWASP ZAP (Zed Attack Proxy) is used to identify vulnerabilities in web applications as they are being developed and tested.

Web application security scanner Skipfish is renowned for its effective vulnerability identification, strong crawling capabilities, and active scanning methodology.

A potent open-source web server scanner for thorough security evaluations is called Nikto. Nikto is a feature-rich application that is indispensable for penetration testers, security experts, and system administrators. It was created to find possible vulnerabilities and flaws in web servers.

For various Active Directory enumeration techniques and assaults, Pentest User Interface (PentestUI) is an automated web interface built using Django.Additionally, you may see the results of past enumeration attempts or assaults on the Active Directory structure.

In order to apply "Shadow Credentials" to the target account, the gssapi-abuse tool manipulates the msDS-KeyCredentialLinkattribute of Active Directory user and computer accounts. Michael Grafnetter's (@MGrafnetter) work from DSInternals served as the foundation for this utility.

A C# utility called Whisker is intended to hijack ActiveDirectory user and machine accounts by changing the DS-KeyCredentialLink property. The target account now has "ShadowCredentials" in effect. The environment must have a Domain Controller running Windows Server 2016 or later for this tool to work properly, and the Domain Controller must have a server authentication certificate to permit PKINIT Kerberos authentication.

This Node.js module was created as a wrapper for ldapjs and was intended for Active Directory authentication and utilities. Please be aware that the module is no longer supported. The most recent versions of Node.js and ldapjs may not be compatible with the most recent upgrade, which was issued four years ago.

Built for the web, ADAM is a slick, user-friendly, permission-based account/group management. It enables you to administer your Active Directory system from any device that has a browser and an internet connection.

By forcing authentication from machine accounts (Petitpotam) and relaying to the certificate service, ADCSPwn is a tool created to increase privileges in an Active Directory network.

SharpSpray is a.NET C# password-spraying programme for Windows domains. It is a modified version of DomainPasswordSpray that was ported to C#. The utility communicates with ActiveDirectory services using the LDAP protocol.

A programme called Talon is made for automated password guessing attempts that try to go unnoticed. It can execute password guessing attacks against Kerberos and LDAPS services, enumerate a list of users using Kerberos, and identify legitimate users. The Golang-created programme offers flexible solutions for password assaults and supports both the Kerberos and LDAP protocols.

The autobloody utility automates the Active Directory privilege escalation routes suggested by BloodHound. If a privilege escalation path is present in the BloodHound database, it simplifies the process of exploiting it between two AD objects, the source (owned) and the target (desired).

A PowerShell module called ADReportingTools is intended to make it easier to generate reports and get data from your Active Directory domain. It makes it easier to get useful information without the need for complex filters or a thorough knowledge of Active Directory property names.

For Microsoft's Active Directory, DCEPT (Domain Controller Enticing Password Tripwire) is a tripwire mechanism based on honeytokens. By employing credentials that, if used, signal prospective intruders trying privilege escalation to domain administrator, it acts as a defence mechanism.A server component, agents, and a monitor are all included in the system to look for such behaviours.

Aws-adfs is a command-line utility with support for multi-factor authentication (MFA) that makes it easier to authenticate against Active Directory Federation Services (ADFS) using the AWS CLI. It eliminates the requirement to keep the user's real credentials by enabling re-login to AWS SecurityToken Service (STS) without inputting credentials for a protracted length of time. It interacts with several MFA providers, such as Duo Security, Symantec VIP, RSA SecurID, and Azure AD MFA, and it supports automation tools like Ansible.

Spray is a password-spraying programme made specifically for ActiveDirectory logins. It was created by Jacob Wilkin (Greenwolf) and offers a versatile and effective method for conducting password spraying attacks against numerous sites.

By offering practical commands for Active Directory Domain Controllers, the Active Directory Attack Tool (ADAT) is a flexible tool intended to help CTF gamers and penetration testers. It works best when applied to the targethost using a set of known valid credentials.

Resources in an Azure subscription have a "attack graph" created by Stormspotter. Red teams and pentesters can use it to help them visualise an attack surface and pivot opportunities inside a tenant. Additionally, it aids in immediately orienting and prioritising defenders' event reaction activity.

Using LDAP queries, the Python programme ad-ldap-enum gathers data from ActiveDirectory about users, machines, and their group memberships. Traditional tools might not function rapidly enough in big Active Directory installations. This programme runs LDAP queries against a domain controller, enabling the quick compilation of group membership data and the selective extraction of particular Active Directory properties.

A visualisation of "control relations" between domain items (such as users, machines, groups, GPOs, containers, etc.) is provided by Active Directory Control Paths. These control pathways provide the answers to queries such as "Who can obtain "Domain Admins" privileges?" and "Who can view theCEO's emails?"

PassCore is a simple one-page online application written in C# that makes use of Microsoft Directory Services, Material UI (React Components), and ASP.NET Core. Assuming the user is not deactivated, it allows users to independently update their Active Directory/LDAP password. PassCore requires very little setup because it gets the principal context from the current domain automatically.

A PowerShell programme called adPEAS is made specifically for automating ActiveDirectory enumeration. It features some unique PowerShell code and acts as a wrapper for a number of other projects, including PowerView, PoshADCS, and Bloodhound. This application makes it easier to retrieve data from Active Directory, examine permissions, and look for any security vulnerabilities.

A Python library called Certipy was created to make it easier to maintain and automate digital certificates, with an emphasis on using Microsoft Certificate Services (AD CS). The library intends to make managing, installing, and generating certificates in a Windows context easier.

A suitable Pythonic interface to communicate with Active Directory through ADSI on the Windows platform is provided by the pyad Python package. The library makes Active Directory-related operations easier by offering classes for a variety of objects, including users and groups. Within the Active Directory context, it enables the creation, deletion, and searching of objects.

A tool for Active Directory (AD)security analysis is called Adalanche. It makes the process of querying and visualising ADrelationships easier while also revealing any security flaws. Data from Windows computers, Active Directory, and Group Policy Objects may be analysed with this programme.

A Microsoft-signed DLL for the ActiveDirectory PowerShell module is called the ADModule. It acts as a backup for the MicrosoftActiveDirectory PowerShell module, which is installed and available in Server 2016 using RSAT (Remote Server Administration Tools). Generally speaking, the DLL may be found in C:\Windows\Microsoft.NET\assembly\GAC 64\The remaining module files are located in C:\Windows\System32\WindowsPowerShell\v1.0\Modules\ActiveDirectory\, along with Microsoft.ActiveDirectory.Management.

Graph theory is used by BloodHound, a potent Active Directory (AD) analysis tool, to reveal and visualise relationships inside an AD system. It helps security teams on the offensive and defensive by locating and removing potential attack routes.

For hacking Windows authentication systems, Rubeus is a potent tool. Rubeus, a tool created by the GhostPack team, offers a wealth of functionality for doing security testing and launching attacks in a Windows environment. It may be exploited in a number of Kerberos ticket attacks, giving an attacker access to the network's privileges.

Mimikatz is a potent instrument made for investigating and learning about Windows security. It was created by BenjaminDELPY (gentilkiwi), and it's renowned for its capacity to recall plaintext passwords, hashes, PIN numbers, and Kerberos tickets. The tool enables a number of actions, including constructing Golden tickets, pass-the-hash and pass-the-ticket.

A strong Python library created for interfacing with network protocols is called Impacket. Impacket is a network protocol implementation tool that was first developed by SecureAuth and is currently maintained by Fortra's Core Security. It focuses on giving low-level programmatic access to packets and other network protocols. It allows for the creation and processing of packets and provides an object-oriented API for interacting with complex protocol hierarchies. The library also has tools as examples of what may be done practically using its features.

Powermad is a robust toolkit made for taking use of Active Directory machine account quotas and carrying out different DNS-related tasks. For penetration testers and security experts, it offers functionality to change machine accounts, DNS data, and other Active Directory components.

PowerSploit is a group of PowerShell modules used for security audits and penetration testing. It offers a range of tools that penetration testers and security experts may utilise throughout the various stages of an evaluation. Code execution, antivirus bypass, exfiltration, persistence, privilege escalation, reconnaissance, and other topics are covered in the modules.

The tool Snaffler is made for penetration testers and red team members to find important data (credentials and more) in sizable Windows/Active Directory setups. It is designed as a tool for finding sensitive material in a data haystack rather than as a "audit" tool.

ItWasAllADream is a Python-based scanner for PrintNightmare, also known as CVE-2021-34527. When the Print Spooler service is active on Windows computers, this vulnerability enables remote code execution. The programme creates a CSV report with the findings after scanning complete subnets to find hosts vulnerable to the RCE portion of PrintNightmare, not the local privilege escalation (LPE). The MS-PAR and MS-RPRN protocols are tested for exploitability.

A tool for security audits and SQL Server penetration testing is called PowerUpSQL. It has features for SQL Server discovery, auditing weak configurations, scalability of privilege escalation, and post-exploitation operations like running OS commands. Administrators can utilise PowerUpSQL for activities like SQL Server inventory and common threat hunting connected to SQL Server, while internal penetration testing and red team engagements are its main use cases.

A security tool called PingCastle is made to swiftly evaluate the security of Active Directory installations. In order to give an effective compromise for assessing Active Directory security, it utilises a risk assessment and maturity framework approach. It seeks to provide you with a summary of your Active Directory infrastructure's security posture.

Using CVE-2021-42278 and CVE-2021-42287, the noPac tool may pretend to be a Domain Administrator (DA) from an ordinary domain user. Attackers are able to escalate privileges by taking advantage of vulnerabilities.

Discovering Resource-Based Constrained Delegation (RBCD) attack pathways in Active Directory setups is the goal of the Get-RBCD-Threaded tool. This tool aids in the identification of possible targets for RBCD attacks, which take use of Kerberos limited delegation settings.

The GetDomainController Python programme aims to quickly locate Windows domain controllers and Exchange servers within a given domain by leveraging DNS. It offers versatility in output formats and can be helpful in a variety of situations to learn more about domain controllers and Exchange servers.

PowerView's Invoke-ShareFinder.ps1 has an analogue in the Python script FindUncommonShares. It makes it easier to quickly find unusual shares in sizable Windows Active Directory domains. The script uses multithreaded connections to effectively find SMB shares and is made to work with low privileges using a domain user account.

A C# programme called Certify is intended for listing and taking advantage of Active Directory Certificate Services (AD CS) misconfigurations. In an Active Directory context, it especially focuses on discovering vulnerabilities linked to certificate templates and associated permissions.The application enables security administrators and experts to evaluate the security posture of their AD CS setup, spot any possible weak points, and take the necessary precautions to reduce risks.

ADRecon is an Active Directory enumeration and scanning tooldesigned for security researchers and penetration testers. It extracts andcombines various artifacts from an Active Directory (AD) environment and canpresent the information in a specially formatted Microsoft Excel report. Thetool covers a wide range of AD elements, including users, groups, computers,trusts, and more, facilitating security assessments and providing a holisticview of the AD environment.

A Golang programme called ADReaper was created to quickly renumber an Active Directory environment using LDAP queries. It enables a number of commands that carry out LDAP searches in relation to particular elements of the Active Directory.

ADHuntTool is a C# application created for RedTeam use cases. This tool is designed for researching and analysing Active Directory environments. It may be used as a standalone executable or run using the execute-assembly command in Cobalt Strike. It permits investigation into numerous Active Directory features to locate potential flaws and vulnerabilities.

ACLight is a programme created to find privileged accounts in ActiveDirectory setups using sophisticated Access Control Lists (ACLs) analysis.

Python-coded Wapiti is a potent online vulnerability detector. As a black-box vulnerability scanner, it examines the deployed web application's pages, extracting links and forms, and attacking the scripts rather than studying the source code of web applications.

For penetration testers and security experts, W3AF is a potent web application security testing framework. It offers a comprehensive range of tools for identifying and taking advantage of online application vulnerabilities. A tutorial for installing and using W3AF on Kali Linux is provided below.

RapidScan is a multi-tool web vulnerability scanner created to automate running several security scanning tools to find vulnerabilities, evaluate false positives, correlate findings, and save time during penetration testing engagements. While the Python2.7 source is accessible under the v1.1 releases section, the tool has been translated to Python3 (v1.2).