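Kali Linux Tool List
Hello, today I'd like to cover the tools in Kali Linux.
So, what is Kali Linux in the first place?
Kali Linux is a Linux distribution (OS) specialized for cybersecurity, used for penetration testing (intrusion testing), security audits, forensics (analysis of digital data), and so on (AI-generated overview).
In other words, it is a Linux distribution specialized for security.
Tool List
So, here is the tool list, with links included for the tools that have a repository on GitHub. The tools are from v○.○.○, and I had Grok help with the repositories. There may be some omissions, so please bear with me.
For now, I'll list the main ones first.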
| Tool Name | Description | GitHub Repository URL | Notes |
|---|---|---|---|
| aircrack-ng | Suite of tools for wireless network auditing and cracking, including WEP/WPA key recovery. | aircrack-ng/aircrack-ng | Official repo; active development with contributions from the community. |
| amass | Performs network mapping and asset discovery using open-source reconnaissance techniques. | owasp-amass/amass | OWASP project; widely used for OSINT in pentesting. |
| arping | Sends ARP requests to discover hosts on a network (part of iputils). | iputils/iputils | Part of iputils package; not Kali-specific. |
| arpspoof | ARP spoofing tool for man-in-the-middle attacks (part of dsniff). | DinoTools/dsniff | Included in dsniff suite; community-maintained fork. |
| autopsy | Graphical interface for digital forensics analysis using Sleuth Kit. | sleuthkit/autopsy | Official; supports file system investigations. |
| binwalk | Analyzes and extracts embedded files from binary images like firmware. | ReFirmLabs/binwalk | Official; commonly used in reverse engineering. |
| bloodhound-python | Python ingestor for BloodHound, collecting Active Directory data. | dirkjanm/BloodHound.py | Official; complements the BloodHound GUI for AD recon. |
| bulk_extractor | Extracts features like emails and credit cards from disk images. | simsong/bulk_extractor | Official; high-performance forensics tool. |
| bully | Brute-force attack tool for Wi-Fi Protected Setup (WPS). | aanarchyy/bully | Maintained fork; exploits WPS vulnerabilities. |
| cadaver | Command-line WebDAV client for file operations. | notroj/cadaver | Official; supports uploads/downloads in Unix environments. |
| cewl | Generates custom wordlists by spidering websites. | digininja/CeWL | Official; useful for password cracking dictionaries. |
| cherrytree | Hierarchical note-taking application with rich text support. | giuspen/cherrytree | Official; cross-platform for organizing pentest notes. |
| chntpw | Resets Windows passwords and edits registry offline. | minacle/chntpw | Maintained fork; original source not on GitHub. |
| clang | C/C++/Objective-C compiler front-end (part of LLVM). | llvm/llvm-project | Official LLVM repo; used for development in Kali. |
| commix | Automated tool for detecting and exploiting command injection flaws. | commixproject/commix | Official; supports various injection techniques. |
| crunch | Generates wordlists based on custom character sets. | crunchsec/crunch | Official; essential for brute-force attacks. |
| dirb | Web content scanner using dictionary-based attacks. | v0re/dirb | Maintained fork; finds hidden directories. |
| dirbuster | Brute-forces directories and files on web servers (Java-based). | KajanM/DirBuster | Maintained; OWASP project for web recon. |
| dmitry | Gathers subdomain, email, and port info from public sources. | jaygreig86/dmitry | Official; simple OSINT tool. |
| dnsenum | Enumerates DNS info and discovers non-contiguous IP blocks. | fwaeytens/dnsenum | Official; multithreaded Perl script. |
| dnsmap | Brute-forces subdomains for DNS mapping. | resurrecting-open-source-projects/dnsmap | Resurrected open-source project. |
| dnsrecon | DNS enumeration and reconnaissance tool. | darkoperator/dnsrecon | Official; supports zone transfers and brute-forcing. |
| dsniff | Suite for network auditing, including password sniffing. | DinoTools/dsniff | Maintained fork; original by Dug Song. |
| enum4linux | Enumerates info from Windows/Samba systems via SMB. | CiscoCXSecurity/enum4linux | Official Cisco fork; useful for AD enumeration. |
| ettercap | Man-in-the-middle attack suite with protocol dissection. | Ettercap/ettercap | Official; supports content filtering. |
| evil-winrm | WinRM shell for pentesting Windows systems. | Hackplayers/evil-winrm | Official; focused on post-exploitation. |
| ffuf | Fast web fuzzer for directory and parameter discovery. | ffuf/ffuf | Official; written in Go for speed. |
| fierce | DNS scanner for locating non-contiguous IP spaces. | mschwager/fierce | Official; Python-based recon tool. |
| gobuster | Brute-forces directories, DNS, and vhosts in Go. | OJ/gobuster | Official; efficient for web enumeration. |
| hashcat | Advanced password recovery tool using CPU/GPU. | hashcat/hashcat | Official; supports over 300 algorithms. |
| hashdeep | Computes and audits multiple hashes recursively. | jessek/hashdeep | Official; cross-platform hashing utility. |
| hashid | Identifies hash types from input strings. | psypanda/hashID | Official; supports over 220 hash types. |
| hping3 | Custom packet assembler and analyzer for TCP/IP. | antirez/hping | Official; used for firewall testing and scanning. |
| hydra | Parallelized login brute-forcer for multiple protocols. | vanhauser-thc/thc-hydra | Official THC repo; highly flexible. |
| ike-scan | Discovers and fingerprints IKE hosts (VPNs). | royhills/ike-scan | Official; uses retransmission patterns for fingerprinting. |
| john | Fast password cracker with community enhancements (John the Ripper). | openwall/john | Official; supports weak password detection. |
| kismet | Wireless network detector, sniffer, and WIDS framework. | kismetwireless/kismet | Official; supports Wi-Fi, Bluetooth, and SDR. |
| macchanger | Utility to spoof MAC addresses on network interfaces. | alobbs/macchanger | Official; GNU-licensed for anonymity. |
| masscan | High-speed TCP port scanner similar to Nmap but faster. | robertdavidgraham/masscan | Official; Internet-scale scanning in minutes. |
| medusa | Parallel brute-forcer for remote logins. | jmk-foofus/medusa | Official; modular for various services. |
| metasploit-framework | Exploitation framework for developing and executing exploits. | rapid7/metasploit-framework | Official Rapid7 repo; core Kali tool. |
| mimikatz | Extracts plaintext passwords and tickets from Windows memory. | gentilkiwi/mimikatz | Official; post-exploitation staple. |
| mitmproxy | Interactive HTTPS proxy for inspecting and editing traffic. | mitmproxy/mitmproxy | Official; Python-based with console interface. |
| nmap | Network discovery and security auditing utility. | nmap/nmap | Official; versatile port scanner. |
| netdiscover | ARP reconnaissance tool for active/passive scanning. | netdiscover-scanner/netdiscover | Official; works on switched networks. |
| netexec | Network service exploitation tool for large networks (nxc). | Pennyw0rth/NetExec | Official; automates security assessments. |
| nikto | Web server scanner for vulnerabilities and misconfigurations. | sullo/nikto | Official; Perl-based with plugin support. |
| onesixtyone | Fast SNMP scanner for community strings. | trailofbits/onesixtyone | Official; simple and efficient. |
| ophcrack | Windows password cracker using rainbow tables. | objectif-libre/ophcrack | Maintained fork; supports NTLM hashes. |
| patator | Multi-purpose brute-forcer with modular design. | lanjelot/patator | Official; Python-based for flexibility. |
| pdfid | Scans PDFs for risky keywords like JavaScript. | DidierStevens/DidierStevensSuite | Part of suite; forensics-focused. |
| pdf-parser | Parses PDF structure without rendering. | DidierStevens/DidierStevensSuite | Part of suite; detects malicious elements. |
| pipal | Analyzes password dumps for patterns and statistics. | digininja/pipal | Official; Ruby-based for password strength assessment. |
| pixiewps | Offline WPS PIN brute-forcer (Pixie Dust attack). | wiire-a/pixiewps | Official; exploits entropy issues in APs. |
| reaver | Brute-forces WPS PINs to recover WPA keys. | t6x/reaver-wps-fork-t6x | Maintained fork; includes Wash for AP detection. |
| recon-ng | Web reconnaissance framework with modular design. | lanmaster53/recon-ng | Official; Python-based OSINT tool. |
| responder | LLMNR/NBT-NS/MDNS poisoner for credential harvesting. | SpiderLabs/Responder | Official; built-in rogue servers. |
| scalpel | File carver for recovering files from raw devices. | sleuthkit/scalpel | Official; uses header/footer definitions. |
| scapy | Interactive packet manipulation and forging library. | secdev/scapy | Official; Python-based for network testing. |
| skipfish | Active web app security reconnaissance tool. | spinkham/skipfish | Mirror of Google Code project; generates sitemaps. |
| smbmap | Enumerates SMB shares and permissions. | ShawnDEvans/smbmap | Official; Python tool for Samba recon. |
| sqlmap | Automatic SQL injection detection and exploitation. | sqlmapproject/sqlmap | Official; supports multiple databases. |
| theHarvester | Gathers emails, subdomains, and hosts from public sources. | laramies/theHarvester | Official; OSINT for pentesting. |
| wafw00f | Identifies and fingerprints Web Application Firewalls. | EnableSecurity/wafw00f | Official; detects over 50 WAFs. |
| wapiti | Black-box web vulnerability scanner. | shenril/Wapiti | Fork of original SourceForge project; scans for injections and XSS. |
| wireshark | Network protocol analyzer for packet capturing. | wireshark/wireshark | Official mirror; essential for traffic analysis. |
| wpscan | WordPress vulnerability scanner. | wpscanteam/wpscan | Official; checks plugins and themes. |
And that's about it. It really is too long, lol. Thank you for reading this far!