KALI LINUX TOOL LIST
This appendix contains a laundry list of hacking tools. Some of these tools allow you to automate your recon process, and others help you discover applications to attack. This list is not meant to be exhaustive; it only reflects tools I commonly use or know that other hackers use regularly. Also keep in mind that none of these tools should replace observation or intuitive thinking. Michiel Prins, co-founder of Hacker One, deserves credit for helping develop the initial version of this list and providing advice on how to effectively use tools when I started hacking.
Web proxies capture your web traffic so you can analyze requests sent and responses received. Several of these tools are available free of charge, although professional versions of such tools have additional features.
Burp Suite (https://portswigger.net/burp/) is an integrated platform for security testing. The most helpful of the tools in the platform, and the one I use 90 percent of the time, is Burp’s web proxy. Recall from the bug reports in the book that the proxy allows you to monitor your traffic, intercept requests in real time, modify them, and then forward them. Burp has an extensive set of tools, but these are the ones I find most noteworthy:
- An application-aware Spider for crawling content and functionality (either passively or actively)
- A web scanner for automating vulnerability detection
- A repeater for manipulating and resending individual requests
- Extensions to build additional functionality on the platform
Burp is available for free with limited access to its tools, although you can also buy a Pro version for an annual subscription. I recommend starting with the free version until you understand how to use it. When you’re steadily finding vulnerabilities, buy the Pro edition to make your life easier.
C harles (https://www.charlesproxy.com/) is an HTTPproxy, an HTTP monitor, and a reverse proxy tool that
enables a developer to view HTTP and SSL/HTTPS traffic. With it, you can view requests, responses, and HTTP headers (which contain cookies and caching information).
Fiddler (https://www.telerik.com/fiddler/) is another lightweight proxy you can use to monitor your traffic, but the stable version is only available for Windows. Mac and Linux versions are available in beta at the time of this writing.
Wireshark (https://www.wireshark.org/) is a network protocol. Analyzer that lets you see what is happening on your network in detail. Wireshark is most useful when you’re trying to monitor traffic that can’t be proxied via Burp or ZAP. If you’re just starting out, using Burp Suite might be best if the site is only communicating over HTTP/HTTPS.
The OWASP Zed Attack Proxy (ZAP) is a free, community-based, open-source platform similar to Burp. It’s available at https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project. It also has a variety of tools, including a proxy, repeater, scanner, directory/file brute-force, and so on. In addition, it supports add-ons so you can create additional functionality if you’re so inclined. The website has some useful information to help you get started.