apktool – A tool for re-engineering Android apk files

Tool Description

It is a tool for reverse engineering 3rd party, closed, binary Android apps. It can decode resources to nearly original form and rebuild them after making some modifications; it makes it possible to debug smali code step by step. It also makes working with an app easier because of its project-like file structure and automation of some repetitive tasks like building the APK, etc.
It is NOT intended for piracy and other non-legal uses. It could be used for localizing, adding some features or support for custom platforms, and other GOOD purposes. Just try to be fair with the authors of an app that you use and probably like.

Tool Source: https://code.google.com/p/android-apktool/

Kali Repo: http://git.kali.org/gitweb/?p=packages/apktool.git;a=summary

Video Tutorial: Coming Soon!

CryptCat – A lightweight version of netcat extended with Twofish encryption

Tool Description

CryptCat is a simple Unix utility which reads and writes data across network connections, using the TCP or UDP protocol, while encrypting the data being transmitted. It is designed to be a reliable “back-end” tool that can be used directly or easily driven by other programs and scripts. At the same time, it is a feature-rich network debugging and exploration tool, since it can create almost any kind of connection you would need and has several interesting built-in capabilities.

Tool Source: http://cryptcat.sourceforge.net/

Kali Repo: http://git.kali.org/gitweb/?p=packages/cryptcat.git;a=summary

Video Tutorial: Coming Soon!

CeWL – Custom wordlist generator

Tool Description

CeWL is a Ruby app which spiders a given URL to a specified depth, optionally following external links, and returns a list of words which can then be used for password crackers such as John the Ripper.

CeWL also has an associated command line app, FAB (Files Already Bagged), which uses the same metadata extraction techniques to create author/creator lists from already downloaded files.

Tool Source: http://www.digininja.org/projects/cewl.php

Kali Repo: http://git.kali.org/gitweb/?p=packages/cewl.git;a=summary

Video Tutorial: Coming Soon!

BurpSuite – Platform for security testing of web applications

Tool Description

Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application’s attack surface, through to finding and exploiting security vulnerabilities.

Burp gives you full control, letting you combine advanced manual techniques with state-of-the-art automation, to make your work faster, more effective, and more fun.

Tool Source: http://portswigger.net/burp/

Kali Repo: http://git.kali.org/gitweb/?p=packages/burpsuite.git;a=summary

Video Tutorial: Coming Soon!

DHCPig – DHCP exhaustion script

Tool Description

DHCPig initiates an advanced DHCP exhaustion attack. It will consume all IPs on the LAN, stop new users from obtaining IPs, release any IPs in use, then for good measure send gratuitous ARP and knock all Windows hosts offline. It requires the scapy >= 2.1 library and admin privileges to execute. No configuration is necessary; just pass the interface as a parameter. It has been tested on multiple Linux distributions and multiple DHCP servers (ISC, Windows 2k3/2k8).

Tool Source: https://github.com/kamorin/DHCPig

Kali Repo: http://git.kali.org/gitweb/?p=packages/dhcpig.git;a=summary

Video Tutorial: Coming Soon!

Binwalk – Firmware analysis tool

Tool Description

Binwalk is a tool for searching a given binary image for embedded files and executable code. Specifically, it is designed for identifying files and code embedded inside of firmware images. Binwalk uses the libmagic library, so it is compatible with magic signatures created for the Unix file utility. Binwalk also includes a custom magic signature file which contains improved signatures for files that are commonly found in firmware images such as compressed/archived files, firmware headers, Linux kernels, bootloaders, filesystems, etc.

Tool Source: http://binwalk.org/

Kali Repo: http://git.kali.org/gitweb/?p=packages/binwalk.git;a=summary

Video Tutorial: Coming Soon!

Armitage – Red Team collaboration tool

Tool Description

Armitage is a scriptable red team collaboration tool for Metasploit that visualizes targets, recommends exploits, and exposes the advanced post-exploitation features in the framework.

Through one Metasploit instance, your team will:

  • Use the same sessions
  • Share hosts, captured data, and downloaded files
  • Communicate through a shared event log
  • Run bots to automate red team tasks

Armitage is a force multiplier for red team operations.

Tool Source: http://www.fastandeasyhacking.com/manual#0

Kali Repo: http://git.kali.org/gitweb/?p=packages/armitage.git;a=summary

Included Tools:

  • Armitage
  • Teamserver

Video Tutorial: Coming Soon!

APACHE-USERS

Tool Description

This Perl script will enumerate the usernames on any system that uses Apache with the UserDir module.

Tool Source: https://labs.portcullis.co.uk/

Kali Repo: http://git.kali.org/gitweb/?p=packages/apache-users.git;a=summary

Example:

root@kali:~# apache-users -h 192.168.1.202 -l /usr/share/wordlists/metasploit/unix_users.txt -p 80 -s 0 -e 403 -t 10

Video Tutorial: Coming Soon!

AIRCRACK-NG

Tool Description

Aircrack-ng is an 802.11 WEP and WPA-PSK key cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimisations like KoreK attacks, as well as the all-new PTW attack, thus making the attack much faster compared to other WEP cracking tools.

Tool Source: http://aircrack-ng.org/

Kali Repo: http://git.kali.org/gitweb/?p=packages/aircrack-ng.git;a=summary

Included Tools:

  • airbase-ng – Configure fake access points
  • aircrack-ng – Wireless password cracker
  • airdecap-ng – Decrypt WEP/WPA/WPA2 capture files
  • airdecloak-ng – Removes WEP cloaking from a pcap file
  • airdriver-ng – Provides status information about the wireless drivers on your system
  • aireplay-ng – Primary function is to generate traffic for later use in aircrack-ng
  • airmon-ng – This script can be used to enable monitor mode on wireless interfaces
  • airmon-zc – This script can be used to enable monitor mode on wireless interfaces
  • airodump-ng – Used for packet capturing of raw 802.11 frames
  • airodump-ng-oui-update – Downloads and parses IEEE OUI list
  • airolib-ng – Designed to store and manage ESSID and password lists
  • airserv-ng – A wireless card server
  • airtun-ng – Virtual tunnel interface creator
  • besside-ng – Automatically crack WEP and WPA networks
  • buddy-ng
  • easside-ng – An auto-magic tool which allows you to communicate via a WEP-encrypted access point
  • ivstools – This tool handles .ivs files. You can either merge or convert them
  • kstats
  • makeivs-ng – Generates initialization vectors
  • packetforge-ng – Create encrypted packets that can subsequently be used for injection
  • tkiptun-ng – This tool is able to inject a few frames into a WPA TKIP network with QoS
  • wesside-ng – Auto-magic tool which incorporates a number of techniques to seamlessly obtain a WEP key
  • wpaclean – Remove excess data from a pcap file

Video Tutorial: Coming Soon!