Kali Linux is the operating system most frequently used by both ethical hackers and malicious hackers for almost every aspect of cybersecurity. Kali includes almost every imaginable hacking tool, which means learning to use it is a journey, not a simple skill that can be picked up watching a 10-minute tutorial.
Based on the Debian Linux distribution, Kali includes hacking tools that can be used to carry out and defend against brute-force attacks, wireless attacks, IP spoofing attacks, reverse-engineering attacks, password cracking, dictionary attacks, phishing attacks, SQL injection and more.
Other Kali tools are more aligned with ethical hackers using penetration testing tools, network security information gathering, vulnerability assessment, security testing and security auditing. As a general platform, it also enables cybersecurity professionals to take an offensive rather than a defensive security stance by actively detecting vulnerabilities.
What tools are included in Kali Linux?
The better question to ask is: What cybersecurity tools are not included in Kali Linux? While some cybersecurity toolkits focus on a small number of best-of-category tools, Kali Linux is much more comprehensive. While some cybersecurity platforms integrate multiple different utilities, Kali Linux can be viewed as an entire cybersecurity superstore, offering numerous different suites of tools.
The Kali distribution includes hundreds of tools in a dozen different categories. Some of the bigger collections include the following:
- Information gathering. This category includes tools used for everything from identifying all the devices on a network -- enumerating -- to linking a network interface controller's media access control address with an IP address to identifying open ports on targeted servers. Kali Linux information gathering tools include scanners, such as Nmap and Wireshark, as well as information planning platforms that integrate the leading tools, often with GUIs for more comprehensive functionality.
- Wireless attacks. This category includes a broad range of utilities to carry out cybersecurity exercises -- or hack attacks -- against wireless systems, including those connected by Bluetooth and Wi-Fi. The top Kali wireless utility is Aircrack-ng, a software suite that includes a network detector, wireless packet sniffer and credential cracking tools used to attack wireless authentication protocols, such as Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access.
- Web applications. This category covers a lot of ground, and like everything in Kali, tools exist for almost any pen testing or red-teaming exercise involving web applications. While OWASP is a rich cybersecurity platform for network attacks and defenses included with Kali, OWASP Zed Attack Proxy is just one of the many utilities available for attacking web apps.
- Password attacks. This category includes standalone password cracker tools, such as Hydra, Ncrack, Hashcat and John the Ripper. It also includes utilities that help increase the effectiveness of any password cracker, such as Crunch, a program for generating wordlists; Ophcrack, a program that uses rainbow tables to crack Windows passwords; and more.
This abundance of options makes Kali Linux a challenge for beginners looking for an easy tutorial to get started, but it also makes it an indispensable resource for the experienced pen tester or hacker. Consider the information gathering category, which, by some counts, includes well over 60 individual tools.
While network protocol analyzers, such as Nmap or Wireshark, may be the best-known information gathering tools, they aren't the only ones. Some of the lesser-known ones are best for specific purposes. For example, Maltego is a utility for gathering open source information about targets using public websites, such as Shodan, the Wayback Machine internet archive, WHOIS lookups and more.
InfoSploit is another specialized information gathering tool used to scan web servers for web application vulnerabilities in content management platforms, such as WordPress and Joomla. Even more specialized is the WPScan tool, which probes WordPress sites and can detect installed plugin versions that may be vulnerable to attack.
Also included with Kali is the Metasploit framework, a more comprehensive cybersecurity platform that can be used for everything from port scanning to password sniffing, identifying active network services and seeking out potentially vulnerable Microsoft SQL Server implementations. But, if you want to identify SQL servers on a particular website -- including the ability to detect exploitable SQL injection flaws -- then sqlmap is the utility for you.
Integration is one of the greatest benefits of using these tools on Kali Linux. Ethical hackers on a pen testing engagement can use the Metasploit framework, through which they get access to any of the individual Kali Linux tools integrated with Metasploit. Another benefit of Kali tool integration is that many security tools are designed as Unix processes that can be started from the command line. Integration of these individual utilities in more comprehensive platforms means users can get the same powerful results from command-line tools that are integrated within the platforms.
Gaining skill using Kali Linux tools
Part of the process of learning to use Kali Linux for cybersecurity tasks is gaining an understanding of how Kali functions to integrate all the individual cybersecurity tools a pen tester or ethical hacker could need. As noted above, information gathering is not limited to the most common tools for sniffing packets, such as Wireshark or Nmap. And the use of those tools, especially when they are integrated into other platforms like Metasploit, builds on the process of narrowing down routes to gaining the information needed to complete the assignment.
This is how Kali functions best -- building on the user's experience in network security. Many of the general Kali tools are useful for wireless hacking, but many tools are designed specifically for action on Wi-Fi networks. For example, the Aircrack-ng suite includes tools for password cracking against WEP and other wireless authentication protocols, as well as for capturing packets, crafting packet payloads for attacks and more.
But, for instances where Wi-Fi Protected Setup is being used, the Reaver tool helps by performing brute-force attacks against the WPS router. And, if Reaver by itself is not enough, Pixiewps is a tool that builds on top of Reaver to target a different WPS vulnerability.
Similarly, the Burp suite of tools for pen testing focuses on testing web applications, with tools such as Spider, a web spider/web crawler utility used to map endpoints on remote servers. Repeater is a utility for repeating a user request submission with manual changes used to check on whether the remote server is verifying submissions and to discover web application vulnerabilities.
Kali Linux is not just full of hundreds of different cybersecurity tools; it is a platform of platforms, functioning as a suite of suites with collections of specific types of tools that make it the ultimate social engineering toolkit.