10 open source tools that feel illegal...
TL;DR
An overview of 10 free, open-source ethical hacking tools available by default on Kali Linux. Covers network mapping, packet inspection, password cracking, web vulnerability scanning, and social engineering — framed as penetration testing education with repeated legal disclaimers.
Key Concepts
- Ethical hacking / pentesting: Authorized testing of systems to find vulnerabilities before malicious actors do
- Kali Linux: A Linux distro pre-loaded with security and penetration testing tools
- Reverse shell: A technique where a target machine initiates a connection back to the attacker, granting remote control
- Password hashing: One-way transformation of a password (e.g., SHA, bcrypt) plus salting to make stored passwords hard to reverse
- SQL injection: Submitting raw SQL statements in web forms to trick a server into executing unintended database commands
- DoS / DDoS: Flooding a server with traffic to take it offline; distributed version uses a botnet of compromised machines
- Social engineering: Manipulating people rather than systems — phishing, cloned websites, etc.
- File carving: Forensic technique of reconstructing files from raw disk data by identifying file headers and footers
Notes
§Nmap — Network Mapping
- Sends packets over an IP range and analyzes responses
- Identifies open ports and operating systems on a network
- Basic usage: nmap <IP or URL>
- Aggressive scan (-A flag): detects OS, runs traceroute to find misconfigurations
§Wireshark — Packet Inspection
- Captures and analyzes network traffic in real time across hundreds of protocols
- GUI-based; data can be captured live and analyzed offline
- Can reveal unencrypted payloads on HTTP traffic — reason to always use HTTPS for sensitive forms
§Metasploit — Exploitation Framework
- Described as the most powerful hacking framework; accessible even to unskilled users
- Example: EternalBlue exploit targets unpatched Windows machines
- Search for exploit → set payload (reverse shell) → set local host IP → run
- Result: full remote file access on target machine
- Caveat: so automated it limits learning opportunities
§Aircrack-ng — Wi-Fi Hacking
- Tools in suite: airmon (monitor mode), airodump (network discovery), aircrack (WPA key cracking)
- Can intercept packets on cracked networks
- Intercepted data is still protected if the site uses HTTPS encryption
- Using on networks without permission is illegal
§Hashcat — Password Cracking
- Targets hashed (and salted) passwords stolen from databases
- Attack strategies:
- Brute force: tries every possible string combination
- Dictionary attack: uses wordlists like rockyou.txt (~14 million common passwords)
- Must specify hashing algorithm (e.g., MD5 cracks in seconds; bcrypt may take days)
- Lesson: use strong passwords and enable 2FA
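The Hashcat notes above boil down to one storage decision: an unsalted, fast hash can be attacked with a wordlist against every account at once, while a per-user salt plus a deliberately slow hash forces work per account. This added example (not code from the video or from Hashcat) shows both patterns with the Python standard library; PBKDF2-HMAC-SHA256 stands in for bcrypt because bcrypt is not in the standard library, and the iteration count is a value chosen for the example, not a standard.

```python
"""Added example: unsalted MD5 storage beside salted, slow PBKDF2 storage.
PBKDF2-HMAC-SHA256 is used here as a stand-in for bcrypt (not in stdlib)."""
import hashlib
import hmac
import secrets

# Iteration count chosen for this example: higher is slower for the server
# and for anyone guessing from a wordlist alike.
ITERATIONS = 600_000


def weak_md5_store(password: str) -> str:
    """The pattern the notes warn about: unsalted, fast MD5.
    Two users with the same password get the same stored value, and one
    wordlist hash can be compared against every row in the database."""
    return hashlib.md5(password.encode()).hexdigest()


def store_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: algorithm$iterations$salt$hash.
    A fresh 16-byte random salt per user defeats precomputed tables and
    means each account has to be attacked separately."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(record: str, candidate: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    try:
        algo, iterations, salt_hex, digest_hex = record.split("$")
    except ValueError:
        return False  # malformed record: never accept it
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(digest.hex(), digest_hex)


if __name__ == "__main__":
    # Constructed sample: two accounts that happened to pick the same password.
    print(weak_md5_store("password123") == weak_md5_store("password123"))  # True: identical rows
    a, b = store_password("password123"), store_password("password123")
    print(a == b)                              # False: salts differ
    print(verify_password(a, "password123"))   # True
    print(verify_password(a, "password124"))   # False
```

The record format stores the iteration count alongside the hash so the cost can be raised later without invalidating existing accounts; old records simply verify with their own stored count.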
§Skipfish — Web Vulnerability Scanner
- Recursively crawls a website scanning for:
- Cross-site scripting (XSS)
- SQL injection
- Other web application flaws
- Outputs an HTML report
- Accepts credentials to crawl authenticated/private areas of a site
§Foremost — Forensic Data Recovery
- Performs file carving: scans a disk image byte-by-byte without needing a file system
- Identifies files by header/footer byte patterns (e.g., JPEG markers)
- Can recover data from a quick-formatted drive if data hasn't been overwritten
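To make the header/footer idea concrete, here is an added toy carver (not Foremost's code, and not from the video) that scans a raw byte blob for JPEG and PNG signatures and returns every complete file it finds. The disk image, the signature table and the size limit are all constructed for the example; a truncated JPEG is included to show how a header with no matching footer is handled.

```python
"""Added example: a minimal Foremost-style file carver over raw bytes.
No file system is consulted; only header/footer byte patterns are used."""
from typing import List, NamedTuple

# Signature table for this example. PNG's footer is the IEND chunk
# (zero length, 'IEND', fixed CRC); JPEG's is the EOI marker FF D9.
SIGNATURES = {
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "png": (b"\x89PNG\r\n\x1a\n", b"\x00\x00\x00\x00IEND\xaeB`\x82"),
}


class Carved(NamedTuple):
    kind: str
    offset: int
    data: bytes


def carve(image: bytes, max_size: int = 1 << 20) -> List[Carved]:
    """Return every complete file found by header/footer matching.
    A header with no footer within max_size bytes is treated as truncated
    and skipped. Real carvers also parse the format (e.g. JPEG segment
    lengths) because FF D9 can appear inside an embedded thumbnail; this
    toy stops at the first footer."""
    found = []
    for kind, (header, footer) in SIGNATURES.items():
        pos = 0
        while True:
            start = image.find(header, pos)
            if start == -1:
                break
            end = image.find(footer, start + len(header), start + max_size)
            if end == -1:
                pos = start + 1  # truncated: keep scanning past this header
                continue
            end += len(footer)
            found.append(Carved(kind, start, image[start:end]))
            pos = end
    return sorted(found, key=lambda c: c.offset)


# Constructed "disk image": junk bytes around a fake JPEG, a truncated JPEG
# (header but no EOI marker) and a fake PNG. No real files are involved.
FAKE_JPEG = b"\xff\xd8\xff\xe0" + b"JFIF-payload" + b"\xff\xd9"
TRUNCATED_JPEG = b"\xff\xd8\xff\xe1" + b"cut-off"
FAKE_PNG = b"\x89PNG\r\n\x1a\n" + b"IHDR-and-IDAT-chunks" + b"\x00\x00\x00\x00IEND\xaeB`\x82"
DISK_IMAGE = (
    b"\x00" * 32 + FAKE_JPEG + b"\x11" * 16 + TRUNCATED_JPEG + b"\x22" * 8 + FAKE_PNG + b"\x00" * 16
)

if __name__ == "__main__":
    for item in carve(DISK_IMAGE):
        print(f"{item.kind} at offset {item.offset}, {len(item.data)} bytes")
```

This is exactly why a quick format does not protect data: the allocation tables are gone, but the byte patterns the carver keys on are still on disk until overwritten.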
§SQLMap — Database Exploitation
- Scans websites/servers to find databases and map schemas (tables, columns)
- Automates SQL injection attacks to extract database contents
§hping3 — Denial of Service
- hping3 --flood <IP>: sends packets as fast as possible without waiting for replies
- Single machine = DoS attack
- Distributed across a botnet of compromised machines = DDoS attack
- Can crash servers or generate massive cloud billing costs
§Social Engineering Toolkit (SET)
- Creates phishing attacks via multiple vectors: email, SMS, QR codes, Arduino IoT, websites
- Can clone a real website and capture credentials entered by victims
- No custom code required to execute the attack
Actionable Takeaways
- Install Kali Linux (desktop, WSL, or VPS) to access all these tools in one place
- Run nmap -A <your own network> to audit open ports and misconfigurations on your own infrastructure
- Use Wireshark to inspect your own network traffic and verify no unexpected outbound connections exist
- Audit your own web apps with Skipfish before attackers do
- Always hash + salt passwords with a strong algorithm (bcrypt, not MD5); enforce 2FA
- Never use these tools on systems or networks without explicit written permission
Quotes Worth Keeping
“You want to be the one doing the penetrating, not some stranger in a foreign country who doesn't even care about your feelings.”
“Metasploit is almost too powerful, and if you use it, you'll miss out on a lot of cyber security learning opportunities.”
“Never do penetration testing on a website or network without permission.”