Top 15 Kali Linux Hacking Tools You MUST KNOW!

00:03

hi everyone in this video I'm going to

00:06

show you top 15 Kali Linux hacking tools

00:10

you must know my name is James and this

00:12

channel is all about showing you how to

00:14

become a highly paid cyber security

00:16

ethical hacking or Cloud Pro

00:27

F the tools and knowledge shared in this

00:30

video are meant to enhance your skills

00:33

as an ethical hacker and they are to be

00:35

used only in a defensive manner any use

00:38

of these tools maliciously on systems

00:40

networks and devices for which you don't

00:42

have permission is

00:45

illegal Ki Linux formerly known as

00:48

backtrack Linux is an open-source

00:50

debian-based Linux distribution aimed at

00:53

Advanced penetration testing and

00:55

security auditing it does this by

00:57

providing common tools configurations

01:00

and automations which allows the user to

01:02

focus on the task that needs to be

01:04

completed not the surrounding activity

01:07

let's take a look at the top 15 Ki Linux

01:10

tools you need to know number one

01:18

nmap nmap is used to discover hosts and

01:21

services on a computer network by

01:23

sending packets and analyzing the

01:26

responses it provides a number of

01:28

features for probing computer networks

01:30

including host Discovery and service and

01:33

operating system detection we can say

01:35

that nmap helps us gain insight into the

01:38

current Network we're on and gather more

01:40

information about other devices for

01:42

instance we're currently in a network

01:44

that falls under a Class C Network let's

01:47

find out who's on this

01:53

network as you can see nmap has

01:55

discovered several devices let's see if

01:57

any of the standard ports are open on

01:59

this Network in this example we're using

02:02

443 and 80 as standard ports and

02:05

employing three-way

02:08

handshaking now we know that certain

02:11

addresses have the requested ports open

02:13

or filtered indicating they're running

02:15

specific web services this is just a

02:17

small glimpse of what nmap can do let's

02:21

move on to the next tool number two

02:24

metas

02:28

sploid if map is used to find hosts and

02:31

services then Metasploit Reigns as the

02:34

top penetrating framework utilized by

02:37

security Engineers as both a penetration

02:39

testing system and a development

02:41

platform enabling the creation of

02:43

security tools and

02:46

exploits this framework simplifies

02:48

hacking for both attackers and

02:51

Defenders right now we're launching the

02:54

metas sploit console and searching for

02:56

the vsftp demon as chosen in this

02:59

example

03:02

additionally we can use the show options

03:04

option to get more information but it's

03:06

best utilized in conjunction with the

03:08

previous tool n map Metasploit is a very

03:11

serious tool if used

03:13

properly let's move on to the next tool

03:16

number three wire

03:22

shark wire shark is a tool for analyzing

03:25

packets commonly used in network

03:27

troubleshooting protocol development and

03:29

educ

03:30

cyber Security Professionals frequently

03:32

rely on wire shark to track connections

03:34

inspect suspicious Network transactions

03:37

and detect spikes in network traffic

03:40

currently we're monitoring network

03:41

connections in real time we capture

03:44

entire streams of traffic allowing us to

03:46

pause filter and analyze specific

03:48

Network packets this enables us to

03:51

visualize complete conversations and

03:53

network streams in some cases

03:56

Communications are encrypted wire shark

03:58

can't decrypt it

04:00

however it can assist with decryption

04:02

when utilized correctly to effectively

04:04

use wire shark you must have a solid

04:07

understanding of how networks operate

04:09

this includes knowledge of processes

04:10

like the three-way TCP handshake and

04:13

familiarity with various protocols such

04:15

as TCP UDP DHCP and mcmp among others

04:22

let's move on to the next

04:23

tool number four

04:28

Hydra

04:30

Hydra is a parallelized login cracker

04:33

which supports numerous protocols to

04:35

attack it is very fast and flexible so

04:38

in this example we'll attempt to access

04:40

a remote Linux server we'll be using a

04:43

dictionary attack instead of a password

04:45

spray attack to get started we need to

04:48

create two text documents passwords and

04:52

users in both documents we'll input

04:56

random information that we'll use for

04:58

the dictionary attack to expedite the

05:00

process of obtaining credentials on This

05:02

Server let's quickly check using nmap

05:05

what's located at the address

05:07

1.6 as we can see Port 22 is open

05:11

indicating that the SSH service is

05:13

active and listening for new connections

05:16

this gives us the opportunity to test

05:21

Hydra Bingo we now have a username and

05:25

password for this

05:27

server let's attempt to connect to this

05:29

server via

05:35

SSH success we now have full control

05:38

over this server this tool makes it

05:41

possible for researchers and Security

05:43

Consultants to show how easy it would be

05:45

to gain unauthorized access to a system

05:49

remotely number five John the

05:55

Ripper just as its name suggests it will

05:57

tackle any challenge you put in front of

05:59

it for instance right now we have a hash

06:02

that we don't know the algorithm or

06:03

meaning of the first step we need to

06:05

take is to identify which hash algorithm

06:08

is being used when we talk about

06:09

cryptography we'll use a hash identifier

06:12

to find that out now we know it's the

06:14

sha1 algorithm which will make it easier

06:17

for us to decrypt it in the next step

06:19

using the John the Ripper

06:24

application success the content hidden

06:27

behind aay 1 is called test the

06:29

difference between Hydra and John the

06:31

Ripper is that John the Ripper can be

06:33

used offline John the Ripper supports

06:35

hundreds of hash and Cipher types

06:38

including user passwords encrypted

06:40

private Keys file systems Diss and

06:44

archives number six burp

06:51

site burp site is an integrated platform

06:54

and graphical tool for performing

06:56

security testing of web applications the

06:59

s twet includes tools such as a proxy

07:01

server an indexing robot an intrusion

07:04

tool a vulnerability scanner and an HTTP

07:08

repeater it supports the entire testing

07:11

process from initial mapping and

07:13

Analysis of an application's attack

07:15

surface through to finding and

07:17

exploiting security vulnerabilities in

07:19

this case we'll conduct a test intercept

07:22

of traffic using a specialized viewing

07:27

window as you can see in the back ground

07:29

we can review all the activities that

07:31

occurred during the request sending by

07:34

using HTTP history we can subsequently

07:37

utilize the existing information we

07:39

obtained

07:41

earlier number seven

07:47

ncto ncto also known as ncto 2 is a web

07:52

server scanner which performs

07:53

vulnerability scanning against web

07:55

servers for multiple items including

07:58

dangerous files and programs Let's test

08:01

his basic abilities and see how he

08:03

operates we'll use the SSL switch to

08:05

reduce the scanning time as we can see

08:07

we have a comprehensive overview of

08:09

information such as server IP address

08:12

host name current listening Port SSL

08:14

information and so on ncto is a really

08:17

excellent tool where we've had the

08:19

opportunity to confirm some of its

08:21

fundamental

08:22

capabilities number eight

08:28

skipfish

08:32

skipfish is used for information

08:34

gathering and testing the security of

08:36

websites and web servers skipfish is the

08:39

easiest and one of the best tools for

08:41

penetration

08:43

testing in this example we'll analyze

08:46

the web server at address 1.2 and save a

08:49

detailed report for later use and

08:53

Analysis this tool functions and makes a

08:55

map on the console of the targeted site

08:58

using recursive crawl and dictionary

09:00

based probes this tool gives us all the

09:03

security checks that are active in the

09:05

domain lastly this tool generates a

09:08

report which can be further used for

09:09

security

09:11

assessments as you can see skipfish

09:14

provides a detailed report where you can

09:17

analyze the entire content from a

09:19

security standpoint

09:22

afterward number nine

09:28

hashcat

09:30

hashcat is a great tool for cracking

09:32

passwords offline using the power of

09:34

your graphics processor unit

09:36

computational power it can process an

09:39

astounding number of password guesses

09:41

per second cutting down the time it

09:43

takes to crack password hashes in this

09:46

example since we don't have any

09:48

information we'll use a Brute Force

09:54

attack hashcat has finished let's check

09:57

the result bingo the password is test

10:01

Brute Force attacks still have initial

10:03

use in that you can exhaust every guess

10:05

of fast hashes up to generally eight

10:07

characters and then focus on longer

10:10

passwords number 10

10:17

Malo maltego is a link analysis software

10:20

used for open-source intelligence

10:23

forensics and other

10:25

investigations maltego offers real-time

10:28

Data Mining and information gathering as

10:31

well as the representation of this

10:32

information on a node-based graph making

10:35

patterns and multiple order connections

10:38

between said information easily

10:40

identifiable for example if we wanted to

10:43

find all the IP addresses associated

10:45

with a specific website we could select

10:48

the website entity and use it as a

10:50

trigger to extract and gather all the

10:53

data Malo is a very serious tool when

10:56

used

10:58

correctly number 11

11:03

beef browser exploitation framework

11:07

basically the idea is to hook the

11:09

browser from a client on the targeted

11:11

Network to your Kaye Linux

11:21

instance currently we're setting up test

11:24

bait on our host to explore something

11:27

new

11:37

clicking on the shortcut link will allow

11:39

the server to gather various information

11:41

from the host including browser details

11:44

language settings monitor resolution

11:47

Mouse activity camera and microphone

11:49

usage Hardware information and

11:51

additionally we can leverage social

11:54

engineering and more number 12

11:57

Linds

12:02

Linus is a battle tested security tool

12:04

for systems running Linux Mac OS or

12:07

unix-based operating system it performs

12:10

an extensive Health Scan of your systems

12:12

to support system hardening and

12:14

compliance testing the software

12:16

determines various system information

12:19

such as the specific OS type kernel

12:21

parameters authentication and accounting

12:24

mechanism installed packages installed

12:27

Services Network configuration logging

12:30

and monitoring using Linus you can

12:33

periodically scan your systems for the

12:35

latest vulnerabilities and keep your

12:37

host

12:38

secure number 13

12:46

autopsy the autopsy is a cyber forensic

12:49

tool used for the analysis of Windows

12:51

and Unix file systems NTFS fat ffs

12:57

ext2fs and E XT

12:59

3fs it can also be used to recover

13:02

deleted files and also show various

13:04

sectors of uploaded images making it

13:07

easier to make an in-depth analysis of

13:09

the image version two of autopsy is

13:12

written in Pearl and it runs on all

13:14

major platforms including Linux Unix Mac

13:17

OS and windows it relies upon the sleuth

13:20

kit to analyze the

13:22

dis number 14

13:27

crunch

13:29

crunch is a word list generating tool

13:31

that comes pre-installed with Kaye Linux

13:34

it is used to create custom keywords

13:36

based on word lists it generates a word

13:39

list with permutations and combinations

13:42

we could use some specific patterns and

13:44

symbols to generate a word list when an

13:46

attacker uses thousands or millions of

13:48

words or character combinations to crack

13:50

a password there is no shity that any of

13:53

those combinations will work this

13:56

collection of different combinations of

13:58

characters is called a word list and in

14:00

order to crack a password or a hash we

14:03

need to have a good word list that could

14:04

break the password so to do so we have a

14:07

tool in kayy Linux called crunch number

14:10

15

14:15

fierce fierce is a semi-lightweight

14:17

scanner that helps locate non-contiguous

14:20

IP space and host names against

14:22

specified domains it's really meant as a

14:25

precursor to nmap unicorn scan nessus

14:27

ncto ET ET since all of those require

14:30

that you already know what IP space you

14:32

are looking for this does not perform

14:35

exploitation and does not scan the whole

14:37

internet indiscriminately it is meant

14:40

specifically to locate likely targets

14:42

both inside and outside a corporate

14:46

Network this was the top 15 klie tools

14:49

that you must know and to all other

14:51

Security Professionals out

14:54

there keep up the good

14:57

work

15:10

check out the video on the right for

15:11

more content to help you develop your it

15:25

career