This is the most complete list of tools which hackers use to penetrate and hack environments. The tools which are listed here are free to use and there are tons of documentation available which allow you to get a better understanding on how to use the listed tools – and if you do not want to read, you can use the Youtube search engine to find videos which teach you how to use the listed hacking tools.
Do keep in mind that hacking a device which is not yours is illegal, and in some countries you can be jailed for hacking into devices. Use these tools at your own risk – we have only listed them here for education purposes.
Information gathering tools
Hackers often have to perform research before they are able to perform an attack, and in order to speed up their research, they can use information gathering tools – these tools will lookup various public and private sources for information which can be used by the hacker.
It is important for the hacker to know which tool to use in order to get the right information – for example, if a hacker wants to see which ports are enabled on an external server, the hacker can use the NMAP tool to perform a port scan on the designated target server.
|
Information gathering tools |
|||||
| acccheck | copy-router-config | enumIAX | InTrace | Parsero |
theHarvester |
| ace-voip | DMitry | exploitdb | iSMTP | Recon-ng | TLSSLed |
| Amap | dnmap | Fierce | lbd | SET | twofi |
| Automater | dnsenum | Firewalk | Maltego Teeth | smtp-user-enum | URLCrazy |
| bing-ip2hosts | dnsmap | fragroute | masscan | snmpcheck | Wireshark |
| braa | DNSRecon | fragrouter | Metagoofil | sslcaudit | WOL-E |
| CaseFile | dnstracer | Ghost Phisher | Miranda | SSLsplit | Xplico |
| CDPSnarf | dnswalk | GoLismero | Nmap | sslstrip | |
| cisco-torch | DotDotPwn | goofile | ntop | SSLyze | |
| Cookie Cadger | enum4linux | hping3 | p0f | THC-IPV6 | |
Vulnerability Analysis Tools
|
Vulnerability Analysis tools |
|||
| BBQSQL | DotDotPwn | openvas-administrator |
sqlmap |
| BED | Greenbone Security Assistant | openvas-cli | Sqlninja |
| cisco-auditing-tool | GSD | openvas-manager | sqlsus |
| cisco-global-exploiter | HexorBase | openvas-scanner | THC-IPV6 |
| cisco-ocs | Inguma | Oscanner | tnscmd10g |
| cisco-torch | jSQL | Powerfuzzer | unix-privesc-check |
| copy-router-config | Lynis | sfuzz | Yersinia |
| DBPwAudit | Nmap | SidGuesser | |
| Doona | ohrwurm | SIPArmyKnife | |
Exploitation Tools
- Armitage
- Backdoor Factory
- BeEF
- cisco-auditing-tool
- cisco-global-exploiter
- cisco-ocs
- cisco-torch
- Commix
- crackle
- jboss-autopwn
- Linux Exploit Suggester
- Maltego Teeth
- SET
- ShellNoob
- sqlmap
- THC-IPV6
- Yersinia
Forensics Tools
- Binwalk
- bulk-extractor
- Capstone
- chntpw
- Cuckoo
- dc3dd
- ddrescue
- DFF
- diStorm3
- Dumpzilla
- extundelete
- Foremost
- Galleta
- Guymager
- iPhone Backup Analyzer
- p0f
- pdf-parser
- pdfid
- pdgmail
- peepdf
- RegRipper
- Volatility
- Xplico
Wireless Attacks
- Aircrack-ng
- Asleap
- Bluelog
- BlueMaho
- Bluepot
- BlueRanger
- Bluesnarfer
- Bully
- coWPAtty
- crackle
- eapmd5pass
- Fern Wifi Cracker
- Ghost Phisher
- GISKismet
- Gqrx
- gr-scan
- kalibrate-rtl
- KillerBee
- Kismet
- mdk3
- mfcuk
- mfoc
- mfterm
- Multimon-NG
- PixieWPS
- Reaver
- redfang
- RTLSDR Scanner
- Spooftooph
- Wifi Honey
- Wifitap
- Wifite
Web Applications
- apache-users
- Arachni
- BBQSQL
- BlindElephant
- Burp Suite
- CutyCapt
- DAVTest
- deblaze
- DIRB
- DirBuster
- fimap
- FunkLoad
- Grabber
- jboss-autopwn
- joomscan
- jSQL
- Maltego Teeth
- PadBuster
- Paros
- Parsero
- plecost
- Powerfuzzer
- ProxyStrike
- Recon-ng
- Skipfish
- sqlmap
- Sqlninja
- sqlsus
- ua-tester
- Uniscan
- Vega
- w3af
- WebScarab
- Webshag
- WebSlayer
- WebSploit
- Wfuzz
- WPScan
- XSSer
- zaproxy
Stress Testing
- DHCPig
- FunkLoad
- iaxflood
- Inundator
- inviteflood
- ipv6-toolkit
- mdk3
- Reaver
- rtpflood
- SlowHTTPTest
- t50
- Termineter
- THC-IPV6
- THC-SSL-DOS
Sniffing & Spoofing
- Burp Suite
- DNSChef
- fiked
- hamster-sidejack
- HexInject
- iaxflood
- inviteflood
- iSMTP
- isr-evilgrade
- mitmproxy
- ohrwurm
- protos-sip
- rebind
- responder
- rtpbreak
- rtpinsertsound
- rtpmixsound
- sctpscan
- SIPArmyKnife
- SIPp
- SIPVicious
- SniffJoke
- SSLsplit
- sslstrip
- THC-IPV6
- VoIPHopper
- WebScarab
- Wifi Honey
- Wireshark
- xspy
- Yersinia
- zaproxy
Password Attacks
- acccheck
- Burp Suite
- CeWL
- chntpw
- cisco-auditing-tool
- CmosPwd
- creddump
- crunch
- DBPwAudit
- findmyhash
- gpp-decrypt
- hash-identifier
- HexorBase
- THC-Hydra
- John the Ripper
- Johnny
- keimpx
- Maltego Teeth
- Maskprocessor
- multiforcer
- Ncrack
- oclgausscrack
- PACK
- patator
- phrasendrescher
- polenum
- RainbowCrack
- rcracki-mt
- RSMangler
- SQLdict
- Statsprocessor
- THC-pptp-bruter
- TrueCrack
- WebScarab
- wordlists
- zaproxy
Maintaining Access
- CryptCat
- Cymothoa
- dbd
- dns2tcp
- http-tunnel
- HTTPTunnel
- Intersect
- Nishang
- polenum
- PowerSploit
- pwnat
- RidEnum
- sbd
- U3-Pwn
- Webshells
- Weevely
- Winexe
Reverse Engineering
- apktool
- dex2jar
- diStorm3
- edb-debugger
- jad
- javasnoop
- JD-GUI
- OllyDbg
- smali
- Valgrind
- YARA
Reporting Tools
- CaseFile
- CutyCapt
- dos2unix
- Dradis
- KeepNote
- MagicTree
- Metagoofil
- Nipper-ng
- pipal
All of the tools which are mentioned above are pre-installed in the Kali Linux distro which you can download for free at https://www.kali.org/.