10 open source tools that feel illegal...
An overview of 10 free, open-source ethical hacking tools available by default on Kali Linux. Covers network mapping, packet inspection, password cracking, web vulnerability scanning, and social engineering — framed as penetration testing education with repeated legal disclaimers.
Key Concepts
| Concept | Definition |
|---|---|
| Ethical hacking / pentesting | Authorized testing of systems to find vulnerabilities before malicious actors do |
| Kali Linux | A Linux distro pre-loaded with security and penetration testing tools |
| Reverse shell | A technique where a target machine initiates a connection back to the attacker, granting remote control |
| Password hashing | One-way transformation of a password (e.g., SHA, bcrypt) plus salting to make stored passwords hard to reverse |
| SQL injection | Submitting raw SQL statements in web forms to trick a server into executing unintended database commands |
| DoS / DDoS | Flooding a server with traffic to take it offline; distributed version uses a botnet of compromised machines |
| Social engineering | Manipulating people rather than systems — phishing, cloned websites, etc. |
| File carving | Forensic technique of reconstructing files from raw disk data by identifying file headers and footers |
Notes
Nmap — Network Mapping
- Sends packets over an IP range and analyzes responses
- Identifies open ports and operating systems on a network
- Basic usage: `nmap <IP or URL>`
- Aggressive scan (`-A` flag): detects OS, runs traceroute to find misconfigurations
Wireshark — Packet Inspection
- Captures and analyzes network traffic in real time across hundreds of protocols
- GUI-based; data can be captured live and analyzed offline
- Can reveal unencrypted payloads on HTTP traffic — reason to always use HTTPS for sensitive forms
Metasploit — Exploitation Framework
- Described as the most powerful hacking framework; accessible even to unskilled users
- Example: EternalBlue exploit targets unpatched Windows machines
- Search for exploit → set payload (reverse shell) → set local host IP → run
- Result: full remote file access on target machine
- Caveat: so automated it limits learning opportunities
Aircrack-ng — Wi-Fi Hacking
- Tools in suite: `airmon-ng` (monitor mode), `airodump-ng` (network discovery), `aircrack-ng` (WPA key cracking)
- Can intercept packets on cracked networks
- Intercepted data is still protected if the site uses HTTPS encryption
- Using on networks without permission is illegal
Hashcat — Password Cracking
- Targets hashed (and salted) passwords stolen from databases
- Attack strategies:
  - Brute force: tries every possible string combination
  - Dictionary attack: uses wordlists like `rockyou.txt` (~14 million common passwords)
- Must specify hashing algorithm (e.g., MD5 cracks in seconds; bcrypt may take days)
- Lesson: use strong passwords and enable 2FA
Skipfish — Web Vulnerability Scanner
- Recursively crawls a website scanning for:
  - Cross-site scripting (XSS)
  - SQL injection
  - Other web application flaws
- Outputs an HTML report
- Accepts credentials to crawl authenticated/private areas of a site
Foremost — Forensic Data Recovery
- Performs **file carving**: scans a disk image byte-by-byte without needing a file system
- Identifies files by header/footer byte patterns (e.g., JPEG markers)
- Can recover data from a quick-formatted drive if data hasn't been overwritten
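A scripted version of the header/footer carving described above, as an added example (not Foremost's own code). The JPEG SOI/EOI markers are real; the disk image, the embedded blobs and the size cap are constructed here for illustration.

```python
"""Minimal Foremost-style carver: scan a raw byte buffer for JPEG files by
header/footer markers, with no file system metadata available."""
import random

JPEG_HEADER = b"\xff\xd8\xff"       # SOI marker followed by the first segment marker
JPEG_FOOTER = b"\xff\xd9"           # EOI marker
MAX_JPEG_SIZE = 20 * 1024 * 1024    # cap on a single carved file (assumed value)


def carve_jpegs(image: bytes, max_size: int = MAX_JPEG_SIZE) -> list[tuple[int, bytes]]:
    """Return (offset, data) for each JPEG located by header/footer scan.

    A header with no footer within max_size is carved up to max_size (or the
    end of the image) and left without a footer, mirroring a file whose tail
    was overwritten after a quick format. Caveat: a footer belonging to an
    embedded thumbnail can cut a real file short; simple carvers share this.
    """
    found = []
    pos = 0
    while (start := image.find(JPEG_HEADER, pos)) != -1:
        window_end = min(start + max_size, len(image))
        end = image.find(JPEG_FOOTER, start + len(JPEG_HEADER), window_end)
        if end == -1:
            found.append((start, image[start:window_end]))
            pos = window_end
        else:
            found.append((start, image[start:end + len(JPEG_FOOTER)]))
            pos = end + len(JPEG_FOOTER)
    return found


def build_sample_image(seed: int = 7) -> bytes:
    """Constructed 'quick-formatted drive': filler bytes around two JPEG-like
    blobs plus one blob whose footer has been overwritten (truncated file)."""
    rng = random.Random(seed)

    def filler(n: int) -> bytes:
        # Exclude 0xFF so the filler cannot produce false header/footer hits.
        return bytes(rng.randrange(0, 0xFF) for _ in range(n))

    jpeg1 = JPEG_HEADER + b"\xe0" + b"A" * 40 + JPEG_FOOTER       # 46 bytes
    jpeg2 = JPEG_HEADER + b"\xe1" + b"B" * 100 + JPEG_FOOTER      # 106 bytes
    truncated = JPEG_HEADER + b"\xe0" + b"C" * 30                 # footer lost
    return filler(512) + jpeg1 + filler(1024) + jpeg2 + filler(256) + truncated


if __name__ == "__main__":
    for offset, data in carve_jpegs(build_sample_image()):
        status = "complete" if data.endswith(JPEG_FOOTER) else "truncated"
        print(f"offset={offset} size={len(data)} {status}")
```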
SQLMap — Database Exploitation
- Scans websites/servers to find databases and map schemas (tables, columns)
- Automates SQL injection attacks to extract database contents
hping3 — Denial of Service
- `hping3 --flood <IP>`: sends packets as fast as possible without waiting for replies
- Single machine = DoS attack
- Distributed across a botnet of compromised machines = DDoS attack
- Can crash servers or generate massive cloud billing costs
Social Engineering Toolkit (SET)
- Creates phishing attacks via multiple vectors: email, SMS, QR codes, Arduino IoT, websites
- Can **clone a real website** and capture credentials entered by victims
- No custom code required to execute the attack
Actionable Takeaways
- Install Kali Linux (desktop, WSL, or VPS) to access all these tools in one place
- Run `nmap -A <your own network>` to audit open ports and misconfigurations on your own infrastructure
- Use Wireshark to inspect your own network traffic and verify no unexpected outbound connections exist
- Audit your own web apps with Skipfish before attackers do
- Always hash + salt passwords with a strong algorithm (bcrypt, not MD5); enforce 2FA
- Never use these tools on systems or networks without explicit written permission
Quotes Worth Keeping
You want to be the one doing the penetrating, not some stranger in a foreign country who doesn't even care about your feelings.
Metasploit is almost too powerful, and if you use it, you'll miss out on a lot of cyber security learning opportunities.
Never do penetration testing on a website or network without permission.