Linux has been a favorite operating system for techies, geeks, and hackers since the beginning. While there are many flavors of Linux available, pen testers have largely migrated to Kali Linux because of a number of built in tools that are available.
About Kali Linux
Kali Linux is an open source project purpose built for information security and penetration testing. Kali Linux was built and is still maintained and funded by Offensive Security, an information security training and services company.
My top 5 favorite tools on Kali Linux
This is by no means an exhaustive list or meant to be the greatest list of all times. This is just a list based on the small sample of tools I have tried out on Kali Linux while learning penetration testing basics.
WPscan is a fantastic tool for testing websites built on WordPress. As one of the most popular content management systems on the web, WpScan should be at the top of your tool box.
WpScan scans through the targeted wordpress website and reports on information hidden in the backend of the site, as well as scans for known vulnerabilities. There are also additional brute force options using WpScan. If you are testing a client’s wordpress site, you should definitely use WPscan to check vulnerabilities.
Aircrack is a Wifi network security tool. In addition to collecting and monitoring data on the wifi network, it also has built in tools to attack the network for testing purposes.
Wirshark is a very popular tool for analyzing newwork activity and for sniffing the network. Don’t skip trying Wireshark.
Skipfish is similar to WpScan, but not built for any specific CMS. It can test nearly all types of web applications.
Apktool was a fun little tool when working with game developers. It helps to find vulnerabilities in mobile apps.
For more information on tools available on Kali Linux, visit their site: