Kali linux tools
What tools come with Kali Linux? (List of Tools)
What tools come with Kali Linux? (List of Tools) Five popular tools.
Below is a List of tools that come pre-installed for ethical hacking using Kali Linux. This list is by no means expansive as Kali has a plethora of tools, all of which cannot be listed and explained in one article.
1. Aircrack-ng
Aircrack-ng is a suite of tools used to assess WiFi network security. It focuses on key areas of WiFi security:
- Monitoring: Packet capture and export of data to text files for further processing by third-party tools
- Attacking: Replay attacks, de-authentication, fake access points, and others via packet injection
- Testing: Checking WiFi cards and driver capabilities (capture and injection)
- Cracking: WEP and WPA PSK (WPA 1 and 2)
All tools are command line which allows for heavy scripting. A lot of GUIs have taken advantage of this feature. It works primarily Linux but also Windows, OS X, FreeBSD, OpenBSD, NetBSD, as well as Solaris.
2. Nmap
Network Mapper, also commonly known as Nmap is a free and open source utility for network discovery and security auditing. Nmap uses raw IP packets in stealthy ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics.
Many systems and network administrators also find it useful for tasks like:
- network inventory
- managing service upgrade schedules
- monitoring host or service uptime
3. THC Hydra
When you need to brute force crack a remote authentication service, Hydra is often the tool of choice. It can perform rapid dictionary attacks against more than 50 protocols, including telnet, FTP, HTTP, HTTPs, SMB, several databases, and much more. it can be used to crack into web scanners, wireless networks, packet crafters, etc.
4. Nessus 
Nessus is a remote scanning tool that you can use to check computers for security vulnerabilities. It does not actively block any vulnerabilities that your computers have but it will be able to sniff them out by quickly running 1200+ vulnerability checks and throwing alerts when any security patches need to be made.
5. WireShark 
Wireshark is an open-source packet analyzer that you can use free of charge. With it, you can see the activities on a network from a microscopic level coupled with pcap file access, customizable reports, advanced triggers, alerts, etc. It is reportedly the world’s most widely-used network protocol analyzer for Linux.
Demonstration of Power: Aircrack-ng and Crunch
Step 1: Check the name of your wireless interface and put it into monitor mode.
ifconfig wlo1 down iwconfig wlo1 mode monitor ifconfig wlo1 up
Step 2: Kill any processes that might interfere with the scan process. Always kill network administrator first. You might need to run the shown command more than once.
airmon-ng check kill
Step 3: After you have successfully killed all process, run the command – airodump-ng <interface-name>. It should produce a list of access points as shown below:
airodump-ng wlo1
Step 4: Choose the access point and run it along with the -w flag to write the result into a file. Our file is called capture.
airodump-ng -w capture -c 11 --bssid [mac-addr]
Step 5: Running the above command should show you the MAC address of the devices connected to that access point under ‘stations’.
Step 6 – This is the most important step in ethical hacking using Kali Linux. Here we will broadcast a de-authentication signal to the access point we have chosen to attack. This disconnects the devices connected to the access point. Since these devices will most likely have the password stored they will try to auto reconnect. This will start a 4-way handshake between the device and the access point and will be captured in the scan going on from step 4 (yes, that scan is still running in the background).
aireplay-ng -0 0 -a [mac] wlo1
Step 7: Now we will use crunch along with aircrack-ng. Crunch is a wordlist generator. This process to crack passwords assumes you know a little about the password, for example, the length, some specific characters etc. The more you know, the faster the process. Here I have tried to generate a list of words that begin with ‘sweetship’, as I know that password contains that phrase. The result is piped into the aircrack command which takes the capture files and compares the key values.
crunch 12 12 -t sweetship@@@ | aircrack-ng -w - capture-01.cap -e Nestaway_C105
Step 8: The scan results should look something like this depending on the parameters you have input.
Step 9: When the password is matched. It shows it in the bracket following ‘key found’.
