Top 5 Kali Linux Pentest tools for WiFi/network and exploits


Aircrack-ng

Aircrack-ng is quite a useful tool. It covers several aspects of WiFi security, including breaking certain WiFi encryption schemes.

For monitoring: capturing packets and exporting that data to text files for further processing.

For cracking: relatively straightforward cracking of WEP and WPA PSK (WPA 1 & 2).

For testing: checking WiFi cards and driver capabilities for capturing and injecting data.

For attacks during testing: replay attacks, de-authentication, fake access points, and other attacks carried out via packet injection.
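The text export mentioned above is also useful on the defensive side. The following is an added example, not code from Aircrack-ng or from this post: it audits a capture for access points you manage that still use weak encryption, and for unknown BSSIDs advertising one of your network names (a possible fake access point). It assumes the column layout of airodump-ng's CSV export (Privacy in column 6, ID-length in column 13, ESSID in column 14); the sample data and the `MANAGED` inventory are constructed.

```python
WEAK = {"OPN", "WEP", "WPA"}  # Privacy tokens treated as weak or legacy

# Constructed sample capture (assumed airodump-ng CSV layout).
SAMPLE = """
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
02:00:00:00:00:01, 2024-01-01 10:00:00, 2024-01-01 10:05:00,  6,  54, WPA2, CCMP, PSK, -40, 120, 0, 0.0.0.0, 7, CorpNet,
02:00:00:00:00:02, 2024-01-01 10:00:00, 2024-01-01 10:05:00, 11,  54, WEP, WEP, , -55, 80, 12, 0.0.0.0, 10, Lab, Bench,
02:00:00:00:00:99, 2024-01-01 10:01:00, 2024-01-01 10:05:00,  6,  54, OPN, , , -30, 300, 0, 0.0.0.0, 7, CorpNet,
02:00:00:00:00:03, 2024-01-01 10:00:00, 2024-01-01 10:05:00,  1,  54, WPA2, CCMP, PSK, -70, 40, 0, 0.0.0.0, 4, Cafe,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
02:00:00:00:01:01, 2024-01-01 10:02:00, 2024-01-01 10:05:00, -50, 40, 02:00:00:00:00:01, CorpNet
"""

# Constructed inventory: ESSID -> BSSIDs of the access points you operate.
MANAGED = {"CorpNet": {"02:00:00:00:00:01"}, "Lab, Bench": {"02:00:00:00:00:02"}}

def parse_aps(csv_text):
    """Return the access-point rows (first section of the export)."""
    aps, in_ap_section = [], False
    for line in csv_text.splitlines():
        if line.startswith("BSSID,"):
            in_ap_section = True
            continue
        if line.startswith("Station MAC,"):
            break  # client section follows; not needed for this audit
        fields = line.split(",", 13)
        if not in_ap_section or len(fields) < 14:
            continue
        # An ESSID may itself contain commas, so cut it by ID-length.
        essid = fields[13][1:1 + int(fields[12])]
        aps.append({"bssid": fields[0].strip().upper(),
                    "privacy": fields[5].strip(), "essid": essid})
    return aps

def audit(csv_text, managed):
    """Flag weak encryption on managed APs and unknown BSSIDs using a managed ESSID."""
    findings = []
    for ap in parse_aps(csv_text):
        known = managed.get(ap["essid"])
        if known is None:
            continue  # not one of our network names; out of scope
        if ap["bssid"] not in known:
            findings.append((ap["bssid"], ap["essid"], "unknown BSSID using managed ESSID"))
        elif WEAK & set(ap["privacy"].split()):
            findings.append((ap["bssid"], ap["essid"], "weak encryption: " + ap["privacy"]))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, MANAGED):
        print(finding)
```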

Fern Wifi Cracker

I’d like to add this one as the second half of a WiFi tool duo. Compared with some other tools, this one exposes quite a bit of functionality through its GUI, which makes it a lot more convenient.

Since a lot of its features are quite similar to Aircrack’s, I’m attaching a quote from Fern’s GitHub page to show where the two tools overlap and where they differ:

  1. WEP Cracking with Fragmentation, Chop-Chop, Caffe-Latte, Hirte, ARP Request Replay or WPS attack

  2. WPA/WPA2 Cracking with Dictionary or WPS based attacks

  3. Automatic saving of key in database on successful crack

  4. Automatic Access Point Attack System

  5. Session Hijacking (Passive and Ethernet Modes)

  6. Access Point MAC Address Geo Location Tracking

  7. Internal MITM Engine

  8. Bruteforce Attacks (HTTP, HTTPS, TELNET, FTP)

 

Metasploit

I think no coverage of pentesting tools can be complete without at least mentioning the Metasploit framework.
The extensive suite contains a huge number of exploits and modules for analysis, monitoring, creating payloads, etc.

So rather than listing some features, it is better to explore their exploit database.

You can explore it on the Rapid7 website.

Armitage

This tool is closely connected to the Metasploit framework as well. It makes the Metasploit framework easier to use, with visualisations of targets, exploit recommendations, and access to the framework’s advanced post-exploitation tools and snippets. To make it easier to use, and depending on where you use it, I seriously suggest at least skimming through their manual. In short, hacking with ‘sploits, made easier.

Nmap

Another network tool. This one isn’t meant to have a direct effect like Fern or the Metasploit framework, but it is a very necessary tool for pentesters and ethical hackers alike. It aids in defining and understanding your target network: uncovering the hosts behind it, the services and OS they are running, and what firewalls and filters are enabled. All of that is basically done by analysing raw IP packets and turning the results into more logical output that helps you determine attack vectors.

Matjaz Trcek
SRE @ Magnolia CMS

Working as an SRE in Magnolia CMS. In my free time I work on many side projects some of which are covered in this blog.