Kali Linux is a penetration testing and security auditing platform with advanced tools to identify, detect, and exploit any vulnerabilities uncovered in the target network environment. Applying an appropriate testing methodology equipped with well-defined business objectives and a scheduled test plan will result in the robust penetration testing of your network.
Kali Linux contains a number of tools that can be used during the penetration testing process.
- Information gathering - tools that can be used to gather information about DNS, IDS/IPS, network scanning, OSs, routing, SSL, SMB, VPN, VoIP, SNMP, e-mail addresses, and VPN.
- Vulnerability assessment - tools to scan vulnerabilities in general. It also contains tools to assess the Cisco network, database servers, and also includes several fuzzing tools.
- Web applications - tools related to web applications such as the content management system scanner, database exploitation, web application fuzzers, web application proxies, web crawlers, and web vulnerability scanners.
- Password attacks - tools to perform password attacks, online or offline.
- Exploitation tools - tools that can be used to exploit the vulnerabilities found in the target environment, such as the network, Web, and database. There are also tools to perform social engineering attacks and find out about the exploit information.
- Sniffing and spoofing - tools to sniff the network and web traffic, and also includes network spoofing tools such as Ettercap and Yersinia.
- Maintaining access - to help you maintain access to the target machine, such as backdooring the operating system, web application and tunneling.
- Reporting tools - help to document the penetration-testing process and results.
- System services - services that can be useful during the penetration testing task, such as the Apache service, MySQL service, SSH service, and Metasploit service.
Top 10 Security Tools - aircrack-ng, burp-suite, hydra, john, maltego, metasploit, nmap, sqlmap, wireshark, and zaproxy.
Kali Linux also provides several other tools;
- Wireless attacks - tools to attack Bluetooth, RFID/NFC, and wireless devices.
- Reverse engineering - tools that can be used to debug a program or disassemble an executable file.
- Stress testing - tools that can be used to help you in stress testing network, wireless, Web, and VOIP environment.
- Hardware hacking - tools that can be used if you want to work with Android and Arduino applications.
- Forensics - tools that can be used for digital forensics, such as acquiring a hard disk image, carving files, and analyzing the hard disk image.
Reference: L. Allen, T. Heriyanto, S. Ali. Kali Linux – Assuring Security by Penetration Testing. 2014.