PenParabola
From ParabolaWiki
Contents
- 1 What is PenParabola
- 1.1 Kali Tools Listing
- 1.1.1 Information Gathering
- 1.1.2 Vulnerability Analysis
- 1.1.3 Web Applications
- 1.1.4 Password Attacks
- 1.1.5 Wireless Attacks
- 1.1.6 Exploitation Tools
- 1.1.7 Sniffing/Spoofing
- 1.1.8 Maintaining Access
- 1.1.9 Reverse Engineering
- 1.1.10 Hardware Hacking
- 1.1.11 Forensics
- 1.1.12 Reporting Tools
- 1.1.13 Uncategorized
- 1.2 Tasks to do
- 1.1 Kali Tools Listing
1 What is PenParabola
PenParabola is a derivative install CD based on the popular penetration testing distros such as Kali, BlackArch, Pentoo. It is a respin of the Parabola ISO designed for penetration testing and security research.
1.1 Kali Tools Listing
Kali contains a large amount of penetration testing tools from various different niches of the security and forensics fields. This article aims to list them all [1] to remove nonfree packages that do not have libre replacements and add the libre missing packages in PCR for PenParabola.
| Name(s) | Package(s) | TOP 10 Kali Security Tools | Type | Free | Note(s) |
|---|---|---|---|---|---|
| acccheck | acccheck | No | Information Gathering, Password Attacks | No | Contains a statement saying "This tool may be used for legal purposes only". It is a contradiction when it comes to the idea of freedom under the GPL2. Furthermore, it is a GPL violation since the Freedom 0 is "the freedom to run the program, for any purpose". See COPYING.ACCCHECK inside source code for further details. |
| ace-voip | ace | No | Information Gathering | Yes | Available in PCR. |
| Aircrack-ng | aircrack-ng | Yes | Wireless Attacks | Yes | Comes from Arch. |
| Amap | amap-git | No | Information Gathering | No | Contains GPL Violations. See LICENCE.AMAP inside source code for further details. |
| android-sdk | android-sdk | No | Hardware Hacking | No | It is under a restrictive license (eg. "Except to the extent required by applicable third party licenses, you may not copy (except for backup purposes), modify, adapt, redistribute, decompile, reverse engineer, disassemble, or create derivative works of the SDK or any part of the SDK."). See license.html for further details. |
| apache-users | apache-users | No | Web Applications | Yes | Available in PCR. |
| apktool | android-apktool | No | Reverse Engineering, Hardware Hacking | Yes | It will be added to PCR soon, however apktool needs revision to see if its source contains just scripts or java building files, if it contains building ones, then needs be built from the source. See source code [2] for further details. |
| Arachni | arachni-git | No | Web Applications | No | It is under a restrictive license (eg. "Any use of the Work, in whole or in part, involving Commercialization, is strictly prohibited without the prior written consent of Licensor."). See LICENSE inside source code for further details. |
| Arduino | arduino | Yes | Hardware Hacking | Yes | Comes from Arch. |
| Armitage | armitage | No | Exploitation Tools | Yes | It will be added to PCR soon, however BlackArch's PKGBUILD version should be fixed since the source code is under BSD3, not GPL2. Even, Armitage needs revision to see if its source contains just scripts or java building files, if it contains building ones, then needs be built from the source. See source code [3] for further details. |
| Automater | tekdefense-automater-git | No | Information Gathering | Yes | Available in PCR. |
| Backdoor Factory | backdoor-factory | No | Exploitation Tools | Yes | Available in PCR. |
| BBQSQL | bbqsql | No | Vulnerability Analysis, Web Applications | Yes | Available in PCR. |
| BED | bed | No | Vulnerability Analysis | Yes | It will be added to PCR soon. |
| BeEF | beef-git | No | Exploitation Tools | Yes | It will be added to PCR soon, however BlackArch's PKGBUILD version should be fixed with git suffix in the pkgname since the source code comes from a version control system (VCS), not a tarball. |
| bing-ip2hosts | bing-ip2hosts | No | Information Gathering | Yes | It will be added to PCR soon, however BlackArch's PKGBUILD version should be fixed since the source code is under GPL2, not Apache. |
| BlindElephant | blindelephant-svn | No | Web Applications | No | No license. |
| braa | braa | No | Information Gathering | Yes | It will be added to PCR soon. |
| Burp Suite | burpsuite | Yes | Web Applications, Password Attacks, Sniffing/Spoofing | No | EULA license. [4] |
| CaseFile | casefile | No | Information Gathering, Reporting Tools | No | It doesn't contains source code since it is developed by Paterva who develops Maltego too. [5] |
| CDPSnarf | cdpsnarf-git | No | Information Gathering | Yes | It will be added to PCR soon, however BlackArch's PKGBUILD version should be fixed with git suffix in the pkgname since the source code comes from a version control system (VCS), not a tarball. |
| cisco-auditing-tool | cisco-auditing-tool | No | Vulnerability Analysis, Password Attacks, Exploitation Tools | No | No license. |
| cisco-global-exploiter | cisco-global-exploiter | No | Vulnerability Analysis, Exploitation Tools | No | No license. |
| cisco-ocs | cisco-ocs-git | No | Vulnerability Analysis, Exploitation Tools | Yes | It will be added to PCR soon, however BlackArch's PKGBUILD version should be fixed with git suffix in the pkgname since the source code comes from a version control system (VCS), not a tarball. |
| cisco-torch | cisco-torch | No | Information Gathering, Vulnerability Analysis, Exploitation Tools | Yes | It will be added to PCR soon. |
| Commix | commix-git | No | Exploitation Tools | Yes | It will be added to PCR soon, however BlackArch's PKGBUILD version should be fixed with git suffix in the pkgname since the source code comes from a version control system (VCS), not a tarball. |
| Cookie Cadger | cookie-cadger | No | Information Gathering | Yes | It will be added to PCR soon. |
| crackle | crackle-git | No | Wireless Attacks, Exploitation Tools | Yes | It will be added to PCR soon, however BlackArch's PKGBUILD version should be fixed with git suffix in the pkgname since the source code comes from a version control system (VCS), not a tarball. |
| CryptCat | cryptcat | No | Maintaining Access | Yes | It will be added to PCR soon. |
| copy-router-config | cisco-router-config | No | Information Gathering, Vulnerability Analysis | No | No license. |
| CutyCapt | cutycapt-svn | No | Web Applications, Reporting Tools | Yes | It will be added to PCR soon, however BlackArch's PKGBUILD version should be fixed with svn suffix in the pkgname since the source code comes from a version control system (VCS), not a tarball. |
| Cymothoa | cymothoa | No | Maintaining Access | Yes | It will be added to PCR soon, however BlackArch's PKGBUILD version should be fixed since the source code is under GPL3 and BSD2, not GPL2. Furthermore, there is a pre-built part (the backdoor) in the BlackArch's PKGBUILD version which should be removed and built from the source. |
| DAVTest | davtest | No | Web Applications | Yes | It will be added to PCR soon, however BlackArch's PKGBUILD version should be fixed since the source code URL has been changed. [6] |
| dbd | dbd-git | No | Maintaining Access | Yes | It will be added to PCR soon, however BlackArch's PKGBUILD version should be fixed since the source code is under GPL2, not GPL3. Furthermore, it version should be fixed with git suffix in the pkgname since the source code comes from a version control system (VCS), not a tarball. |
| DBPwAudit | dbpwaudit | No | Vulnerability Analysis, Password Attacks | No | No license. |
| deblaze | deblaze | No | Web Applications | Yes | It will be added to PCR soon, however BlackArch's PKGBUILD version should be fixed since the source code has been moved from Google Code to GitHub. |
| dex2jar | dex2jar | No | Reverse Engineering, Hardware Hacking | Yes | It will be added to PCR soon. |
| DIRB | dirb | No | Web Applications | Yes | It will be added to PCR soon. |
| DirBuster | dirbuster | No | Web Applications | Yes | DirBuster is Free (under LGPL2), however it has been forked by the OWASP ZAP team, [7] [8] therefore use zaproxy instead. |
| diStorm3 | distorm | No | Reverse Engineering, Forensics | Yes | It will be added to PCR soon, however BlackArch's PKGBUILD version should be fixed since the source code is under BSD3, not GPL2. Furthermore, the source code has been moved from Google Code to GitHub. |
| DMitry | dmitry | No | Information Gathering | Yes | It will be added to PCR soon. |
| dns2tcp | dns2tcp | No | Maintaining Access | Yes | It will be added to PCR soon, however BlackArch's PKGBUILD version should be fixed since the source code is under GPL2 and MIT, not GPL2 only. |
| dnmap | dnmap | No | Information Gathering | Yes | It will be added to PCR soon, however BlackArch's PKGBUILD version should be fixed since the source code is under GPL2, not GPL3. |
| dnsenum | dnsenum | No | Information Gathering | Yes | It will be added to PCR soon. |
| dnsmap | dnsmap | No | Information Gathering | Yes | It will be added to PCR soon. |
| DNSRecon | dnsrecon-git | No | Information Gathering | Yes | It will be added to PCR soon, however BlackArch's PKGBUILD version should be fixed since the source code is under GPL2, not a custom license. Furthermore, it should be fixed with git suffix in the pkgname since the source code comes from a version control system (VCS), not a tarball. |
| dnstracer | dnstracer | No | Information Gathering | Yes | Comes from Arch. |
| dnswalk | dnswalk | No | Information Gathering | No | In README file just says "This program may be freely distributed..." [9] and there aren't references about the remaining freedoms, therefore it is Nonfree. |
| Doona | doona-git | No | Vulnerability Analysis | Yes | It will be added to PCR soon, however BlackArch's PKGBUILD version should be fixed with git suffix in the pkgname since the source code comes from a version control system (VCS), not a tarball. |
| dos2unix | dos2unix | No | Reporting Tools | Yes | Comes from Arch. |
| DotDotPwn | dotdotpwn | No | Information Gathering, Vulnerability Analysis | Yes | It will be added to PCR soon, however BlackArch's PKGBUILD version should be fixed since the source code is under GPL3, not GPL2. |
| Dradis | dradis-ce-git | No | Reporting Tools | Yes | It will be added to PCR soon, however BlackArch's PKGBUILD version should be fixed with git suffix in pkgname since the source code comes from a version control system (VCS), not a tarball. |
| edb-debugger | edb | No | Reverse Engineering | Yes | It will be added to PCR soon. |
| enum4linux | enum4linux | No | Information Gathering | No | Contains a statement saying "This tool may be used for legal purposes only". It is a contradiction when it comes to the idea of freedom under the GPL2. Furthermore, it is a GPL violation since the Freedom 0 is "the freedom to run the program, for any purpose". See COPYING.ENUM4LINUX inside source code for further details. |
| enumIAX | enumiax | No | Information Gathering | Yes | It will be added to PCR soon. |
| exploitdb | exploit-db | No | Exploitation Tools | No | No license. |
| fimap | fimap-git | No | Web Applications | Yes | It will be added to PCR soon, however BlackArch's PKGBUILD version should be fixed since the source code is under GPL2 and BSD3, not GPL2 only. Furthermore, it should be fixed with git suffix in the pkgname since the source code comes from a version control system (VCS), not a tarball. Even, the source code has been moved from Google Code to tha-imax. |
| fierce | fierce | No | Information Gathering | No | No license. |
| Firewalk | firewalk | No | Information Gathering | Yes | It will be added to PCR soon, however BlackArch's PKGBUILD version should be fixed since the source code is under GPL2, not "BSD". |
| fragroute, fragrouter | fragroute | No | Information Gathering | Yes | It will be added to PCR soon, however BlackArch's PKGBUILD version should be fixed since the source code is under BSD3 and GPL2, not GPL2 only. |
| FunkLoad | funkload | No | Web Applications | Yes | It will be added to PCR soon, however we need create a new PKGBUILD for it first. |
| Ghost Phisher | ghost-phisher-svn | No | Information Gathering, Wireless Attacks | Yes | It will be added to PCR soon, however BlackArch's PKGBUILD version should be fixed with svn suffix in the pkgname since the source code comes from a version control system (VCS), not a tarball. |
| Gobuster | gobuster | No | Web Applications | Yes | It will be added to PCR soon, however we need create a new PKGBUILD for it first. |
| GoLismero | golismero-git | No | Information Gathering | Yes | It will be added to PCR soon, however BlackArch's PKGBUILD version should be fixed since the source code is under GPL2, not a custom license. Furthermore, it should be fixed with git suffix in the pkgname since the source code comes from a version control system (VCS), not a tarball. |
| goofile | goofile | No | Information Gathering | No | No license. |
| Grabber | grabber | No | Web Applications | No | Contains a statement saying "I will put the BSD Licence stuffs. But still, it is under the modified BSD licence.", however there aren't references about that license inside the source code or files. See README.txt inside source code for further details. |
| Greenbone Security Assistant | greenbone-security-assistant | No | Vulnerability Analysis | Yes | Comes from Arch. |
| GSD | greenbone-security-desktop | No | Vulnerability Analysis | Yes | GSD (Greenbone Security Desktop) is Free (under GPL2 and MIT), however it has been dropped in favour to focussing web client advances (eg. Greenbone Security Assistant). [10] |
| HexorBase | hexorbase-svn | No | Vulnerability Analysis, Password Attacks | No | No license. |
| hping3 | hping | No | Information Gathering | Yes | Comes from Arch. |
| http-tunnel | http-tunnel | No | Maintaining Access | Yes | It will be added to PCR soon, however we need create a new PKGBUILD for it first. |
| HTTPTunnel | httptunnel | No | Maintaining Access | Yes | Comes from Arch. |
| Inguma | inguma | No | Vulnerability Analysis | SemiFree | It is under GPL2, however contains a Nonfree database [11] needed to works with Nikto modules and libraries. Inguma needs revision to see if it works without Nikto support. |
| Intersect | intersect-git | No | Maintaining Access | Yes | It will be added to PCR soon, however BlackArch's PKGBUILD version should be fixed with git suffix in the pkgname since the source code comes from a version control system (VCS), not a tarball. |
| Intrace | intrace | No | Information Gathering | Yes | It will be added to PCR soon, however BlackArch's PKGBUILD version should be fixed since the source code is under GPL2, not GPL3. Anyway, there's a GPL3 license inside the source [12], seems it will be migrated to GPL3 soon. Furthermore, the source code has been moved from Google Code to GitHub. |
| iSMTP | ismtp-git | No | Information Gathering, Sniffing/Spoofing | Yes | It will be added to PCR soon, however we need create a new PKGBUILD for it first. |
| jad | jad | No | Reverse Engineering | No | There is a disclaimer where says it is under MIT [13], however there aren't references about its source code, therefore is NonFree. |
| javasnoop | javasnoop | No | Reverse Engineering | Yes | It will be added to PCR soon, however BlackArch's PKGBUILD version should be fixed since it needs be built from the source. See source code [14] for further details. |
| jboss-autopwn | jboss-autopwn-git | No | Web Applications, Exploitation Tools | Yes | It will be added to PCR soon, however we need create a new PKGBUILD for it first. |
| John the Ripper | john | Yes | Password Attacks | Yes | Comes from Arch. |
| JD-GUI | jd-gui | No | Reverse Engineering | Yes | It will be added to PCR soon, however BlackArch's PKGBUILD version should be fixed since the source code is under GPL3, not custom. Furthermore, it needs be built from the source. See source code [15] for further details. |
| joomscan | joomscan | No | Web Applications | No | Contains a statement saying "This scanner is intended only for testing your own Joomla web sites.". It is a contradiction when it comes to the idea of freedom under the GPL3. Furthermore, it is a GPL violation since the Freedom 0 is "the freedom to run the program, for any purpose". See README inside source code for further details. |
| jSQL | jsql, jsql-injection | No | Vulnerability Analysis, Web Applications | Yes | It will be added to PCR soon, however BlackArch's PKGBUILD version should be fixed since the source code is under GPL2, not GPL3. Even, jSQL needs revision to see if its source contains just scripts or java building files, if it contains building ones, then needs be built from the source. See source code [16] for further details. |
| KeepNote | keepnote | No | Reporting Tools | Yes | Comes from Arch. |
| lbd | lbd | No | Information Gathering | Yes | It will be added to PCR soon. |
| Linux Exploit Suggester | linux-exploit-suggester-git | No | Exploitation Tools | Yes | It will be added to PCR soon, however BlackArch's PKGBUILD version should be fixed with git suffix in the pkgname since the source code comes from a version control system (VCS), not a tarball. |
| Lynis | lynis | No | Vulnerability Analysis | Yes | Comes from Arch. |
| MagicTree | magictree | No | Reporting Tools | No | No license. |
| Maltego Teeth | maltego | Yes | Information Gathering, Web Applications, Password Attacks, Exploitation Tools | No | It doesn't contains source code. [17] |
| masscan | masscan | No | Information Gathering | Yes | Comes from Arch. |
| Metagoofil | metagoofil | No | Information Gathering, Reporting Tools | Yes | It will be added to PCR soon. |
| Metasploit, Metasploit-Framework | metasploit | Yes | Uncategorized | Yes | Comes from Arch. |
| Mimikatz | mimikatz | No | Uncategorized | No | It is under CC BY 4.0 [18], however, like all CC licenses, it should not be used on software. [19][20] |
| Miranda | miranda-upnp | No | Information Gathering | No | No license. |
| Multimac | multimac | No | Uncategorized | Yes | It will be added to PCR soon. |
| NfSpy | nfspy-git | No | Uncategorized | Yes | It will be added to PCR soon, however BlackArch's PKGBUILD version should be fixed since the source code is under MIT, not custom. Furthermore, it should be fixed with git suffix in the pkgname since the source code comes from a version control system (VCS), not a tarball. |
| Nipper-ng | nipper | No | Reporting Tools | No | Contains a statement saying "This code cannot be used as part of a commercial product..." and "Any code that integrates Nipper MUST display the copyright information below with the programs own copyright information...". It is a contradiction when it comes to the idea of freedom under the GPL3. Furthermore, it is a GPL violation since the Freedom 2 is "the freedom to redistribute copies so you can help your neighbor" and the Freedom 3 is "the freedom to distribute copies of your modified versions to others". See LICENSE inside source code for further details. |
| Nishang | nishang | No | Maintaining Access | No | Contains a statement saying "Nishang should be used for authorized testing and/or educational purposes only. No Exceptions.". It is a contradiction when it comes to the idea of freedom under the GPL3. Furthermore, it is a GPL violation since the Freedom 0 is "the freedom to run the program, for any purpose". See DISCLAIMER.txt inside source code for further details. |
| Nmap | nmap | Yes | Information Gathering, Vulnerability Analysis | Yes | Comes from Arch. |
| ntop | ntop | No | Information Gathering | Yes | Comes from Arch. |
| ohrwurm | ohrwurm-git | No | Vulnerability Analysis, Sniffing/Spoofing | Yes | It will be added to PCR soon, however BlackArch's PKGBUILD version should be fixed with git suffix in the pkgname since the source code comes from a version control system (VCS), not a tarball. |
| OllyDbg | ollydbg | No | Reverse Engineering | No | It is under a restrictive license. [21] |
| openvas-administrator | openvas-administrator | No | Vulnerability Analysis | Yes | openvas-administrator is Free (under GPL2), however it has been has been merged into openvas-manager. [22] |
| openvas-cli | openvas-cli | No | Vulnerability Analysis | Yes | Comes from Arch. |
| openvas-manager | openvas-manager | No | Vulnerability Analysis | Yes | Comes from Arch. |
| openvas-scanner | openvas-scanner | No | Vulnerability Analysis | Yes | Comes from Arch. |
| Oscanner | oscanner | No | Vulnerability Analysis | Yes | Oscanner is under GPL2 [23], however it isn't available for downloading (404s workaround) from its official website anymore [24] because is unmaintained since 2006. [25] |
| p0f | p0f | No | Information Gathering, Forensics | Yes | Comes from Arch. |
| PadBuster | padbuster | No | Web Applications | No | It is under RPL that is a restrictive license. [26] [27] |
| Paros | paros | No | Web Applications | Yes | It will be added to PCR soon, however apktool needs revision to see if its source contains just scripts or java building files, if it contains building ones, then needs be built from the source. See source code [28] for further details. |
| Parsero | parsero-git | No | Information Gathering, Web Applications | Yes | It will be added to PCR soon, however BlackArch's PKGBUILD version should be fixed with git suffix in the pkgname since the source code comes from a version control system (VCS), not a tarball. |
| pipal | pipal | No | Reporting Tools | No | It is under CC-BY-SA 2.0 (UK: England & Wales) [29], however, like all CC licenses, it should not be used on software. [30][31] |
| plecost | plecost-git | No | Web Applications | Yes | It will be added to PCR soon, however BlackArch's PKGBUILD version should be fixed since the source code is under BSD3, not "BSD". Furthermore, it should be fixed with git suffix in the pkgname since the source code comes from a version control system (VCS), not a tarball. |
| polenum | polenum | No | Password Attacks, Maintaining Access | Yes | It will be added to PCR soon, however BlackArch's PKGBUILD version should be fixed since the source code is under Apache, not a custom license. |
| Powerfuzzer | powerfuzzer | No | Vulnerability Analysis, Web Applications | Yes | It will be added to PCR soon. |
| PowerSploit | powersploit-git | No | Maintaining Access | Yes | It will be added to PCR soon, however BlackArch's PKGBUILD version should be fixed since the source code is under BSD3, not "BSD". Furthermore, it should be fixed with git suffix in the pkgname since the source code comes from a version control system (VCS), not a tarball. |
| ProxyStrike | proxystrike | No | Web Applications | Yes | It will be added to PCR soon, however we need create a new PKGBUILD for it first. |
| pwnat | pwnat-git | No | Maintaining Access | Yes | It will be added to PCR soon, however BlackArch's PKGBUILD version should be fixed since the source code is under GPL3, not GPL2. Furthermore, it should be fixed with git suffix in the pkgname since the source code comes from a version control system (VCS), not a tarball. |
| Recon-ng | recon-ng | No | Information Gathering, Web Applications | Yes | It will be added to PCR soon. |
| RidEnum | ridenum-git | No | Maintaining Access | Yes | It will be added to PCR soon, however BlackArch's PKGBUILD version should be fixed since the source code is under BSD3, not custom. Furthermore, it should be fixed with git suffix in the pkgname since the source code comes from a version control system (VCS), not a tarball. |
| Sakis3G | sakis3g | No | Hardware Hacking | Yes | Sakis3G is under GPL2 [32], however its official website isn't available anymore because is unmaintained since 2013. [33] |
| sbd | sbd | No | Maintaining Access | SemiFree | It is under GPL2, however contains a Nonfree library [34]. See README for further details. |
| SET | set | No | Information Gathering, Exploitation Tools | Yes | It will be added to PCR soon, however BlackArch's PKGBUILD version should be fixed since the source code is under BSD3, not "BSD". |
| sfuzz | sfuzz-git | No | Vulnerability Analysis | Yes | It will be added to PCR soon, however BlackArch's PKGBUILD version should be fixed since the source code is under BSD3, not "BSD". Furthermore, it should be fixed with git suffix in the pkgname since the source code comes from a version control system (VCS), not a tarball. |
| ShellNoob | shellnoob | No | Exploitation Tools | Yes | It will be added to PCR soon. |
| SidGuesser | sidguesser | No | Vulnerability Analysis | Yes | It will be added to PCR soon, however BlackArch's PKGBUILD version should be fixed since the source code is under GPL2, not GPL3. |
| SIPArmyKnife | siparmyknife | No | Vulnerability Analysis, Sniffing/Spoofing | no | No license. |
| Skipfish | skipfish-git | No | Web Applications | Yes | It will be added to PCR soon, however BlackArch's PKGBUILD version should be fixed with git suffix in the pkgname since the source code comes from a version control system (VCS), not a tarball. |
| smali | smali | No | Reverse Engineering, Hardware Hacking | Yes | Comes from Arch. |
| smtp-user-enum | smtp-user-enum | No | Information Gathering | No | Contains a statement saying "This tool may be used for legal purposes only". It is a contradiction when it comes to the idea of freedom under the GPL2. Furthermore, it is a GPL violation since the Freedom 0 is "the freedom to run the program, for any purpose". See COPYING inside source code for further details. |
| snmp-check | snmpcheck | No | Information Gathering | Yes | It will be added to PCR soon. |
| sqlmap | sqlmap | Yes | Vulnerability Analysis, Web Applications, Exploitation Tools | Yes | Comes from Arch. |
| Sqlninja | sqlninja | No | Vulnerability Analysis, Web Applications | Yes | It will be added to PCR soon, however BlackArch's PKGBUILD version should be fixed since the source code is under GPL3, not GPL2. |
| sqlsus | sqlsus | No | Vulnerability Analysis, Web Applications | Yes | It will be added to PCR soon, however BlackArch's PKGBUILD version should be fixed since the source code is under GPL3, not GPL2. |
| sslcaudit | sslcaudit-git | No | Information Gathering | Yes | It will be added to PCR soon, however BlackArch's PKGBUILD version should be fixed with git suffix in the pkgname since the source code comes from a version control system (VCS), not a tarball. |
| SSLsplit | sslsplit | No | Information Gathering, Sniffing/Spoofing | Yes | Comes from Arch. |
| sslstrip | sslstrip | No | Information Gathering, Sniffing/Spoofing | Yes | Comes from Arch. |
| SSLyze | sslyze | No | Information Gathering | Yes | It will be added to PCR soon. |
| THC-Hydra | hydra | Yes | Password Attacks | Yes | Comes from Arch. |
| THC-IPV6 | thc-ipv6 | No | Information Gathering, Vulnerability Analysis, Exploitation Tools, Sniffing/Spoofing | Yes | Comes from Arch. |
| theHarvester | theharvester-git | No | Information Gathering | SemiFree | It is under GPL2, however contains a Nonfree library [35]. If it works without that Nonfree library, then the PKGBUILD should be fixed with git suffix in the pkgname since the source code comes from a version control system (VCS), not a tarball. |
| TLSSLed | tlssled | No | Information Gathering | Yes | It will be added to PCR soon. |
| tnscmd10g | tnscmd | No | Vulnerability Analysis | Yes | It will be added to PCR soon. |
| twofi | twofi | No | Information Gathering | No | It is under CC-BY-SA 2.0 (UK: England & Wales) [36], however, like all CC licenses, it should not be used on software. [37][38] |
| U3-Pwn | u3-pwn | No | Maintaining Access | no | No license. |
| ua-tester | uatester | No | Web Applications | No | No license. |
| Uniscan | uniscan | No | Web Applications | Yes | It will be added to PCR soon, however BlackArch's PKGBUILD version should be fixed since the source code is under GPL3, not GPL2. |
| unix-privesc-check | unix-privesc-check | No | Vulnerability Analysis | No | Contains a statement saying "This tool may be used for legal purposes only". It is a contradiction when it comes to the idea of freedom under the GPL2. Furthermore, it is a GPL violation since the Freedom 0 is "the freedom to run the program, for any purpose". See COPYING.UNIX-PRIVESC-CHECK inside source code for further details. |
| URLCrazy | urlcrazy | No | Information Gathering | No | It is under a restrictive license. [39] |
| Valgrind | valgrind | No | Reverse Engineering | Yes | Comes from Arch. |
| Vega | vega | No | Web Applications | Yes | It will be added to PCR soon, however BlackArch's PKGBUILD version should be fixed since the source code is under MIT, not GPL2. Furthermore, it needs be built from the source. See source code [40] for further details. |
| w3af | w3af | No | Web Applications | Yes | It will be added to PCR soon. |
| Weevely | weevely-git | No | Maintaining Access | Yes | It will be added to PCR soon, however BlackArch's PKGBUILD version should be fixed with git suffix in the pkgname since the source code comes from a version control system (VCS), not a tarball. |
| Webshells | webshells | No | Maintaining Access | no | No license. |
| Winexe | winexe | No | Maintaining Access | Yes | It will be added to PCR soon. |
| Wireshark | wireshark-cli, wireshark-common, wireshark-gtk, wireshark-qt | Yes | Information Gathering, Sniffing/Spoofing | Yes | Comes from Arch. |
| WOL-E | wol | No | Information Gathering | Yes | Comes from Arch. |
| Xplico | xplico-git | No | Information Gathering, Forensics | SemiFree | It is under GPL2, however some other files are under the restrictive CC-BY-NC-SA license. [41] Even like all CC licenses, it should not be used on software too. [42][43] If it works without those restrictive files, then the PKGBUILD should be fixed with git suffix in the pkgname since the source code comes from a version control system (VCS), not a tarball. |
| YARA | yara | No | Reverse Engineering | Yes | Comes from Arch. |
| Yersinia | yersinia | No | Vulnerability Analysis, Exploitation Tools, Sniffing/Spoofing | Yes | It will be added to PCR soon. |
| zaproxy | zaproxy | Yes | Web Applications, Password Attacks, Sniffing/Spoofing | Yes | Comes from Arch. |
| Name(s) | Package(s) | TOP 10 Kali Security Tools | Type | Free | Note(s) |
1.1.1 Information Gathering
- acccheck -> CHECKED
- ace-voip -> CHECKED
- Amap -> CHECKED
- Automater -> CHECKED
- bing-ip2hosts -> CHECKED
- braa -> CHECKED
- CaseFile -> CHECKED
- CDPSnarf -> CHECKED
- cisco-torch -> CHECKED
- Cookie Cadger -> CHECKED
- copy-router-config -> CHECKED
- DMitry -> CHECKED
- dnmap -> CHECKED
- dnsenum -> CHECKED
- dnsmap -> CHECKED
- DNSRecon -> CHECKED
- dnstracer -> CHECKED
- dnswalk -> CHECKED
- DotDotPwn -> CHECKED
- enum4linux -> CHECKED
- enumIAX -> CHECKED
- Fierce -> CHECKED
- Firewalk -> CHECKED
- fragroute -> CHECKED
- fragrouter -> CHECKED
- Ghost Phisher -> CHECKED
- GoLismero -> CHECKED
- goofile -> CHECKED
- hping3 -> CHECKED
- InTrace -> CHECKED
- iSMTP -> CHECKED
- lbd -> CHECKED
- Maltego Teeth -> CHECKED
- masscan -> CHECKED
- Metagoofil -> CHECKED
- Miranda -> CHECKED
- Nmap -> CHECKED
- ntop -> CHECKED
- p0f -> CHECKED
- Parsero -> CHECKED
- Recon-ng -> CHECKED
- SET -> CHECKED
- smtp-user-enum -> CHECKED
- snmp-check -> CHECKED
- sslcaudit -> CHECKED
- SSLsplit -> CHECKED
- sslstrip -> CHECKED
- SSLyze -> CHECKED
- THC-IPV6 -> CHECKED
- theHarvester -> CHECKED
- TLSSLed -> CHECKED
- twofi -> CHECKED
- URLCrazy -> CHECKED
- Wireshark -> CHECKED
- WOL-E -> CHECKED
- Xplico -> CHECKED
1.1.2 Vulnerability Analysis
- BBQSQL -> CHECKED
- BED -> CHECKED
- cisco-auditing-tool -> CHECKED
- cisco-global-exploiter -> CHECKED
- cisco-ocs -> CHECKED
- cisco-torch -> CHECKED
- copy-router-config -> CHECKED
- DBPwAudit -> CHECKED
- Doona -> CHECKED
- DotDotPwn -> CHECKED
- Greenbone Security Assistant -> CHECKED
- GSD -> CHECKED
- HexorBase -> CHECKED
- Inguma -> CHECKED
- jSQL -> CHECKED
- Lynis -> CHECKED
- Nmap -> CHECKED
- ohrwurm -> CHECKED
- openvas-administrator -> CHECKED
- openvas-cli -> CHECKED
- openvas-manager -> CHECKED
- openvas-scanner -> CHECKED
- Oscanner -> CHECKED
- Powerfuzzer -> CHECKED
- sfuzz -> CHECKED
- SidGuesser -> CHECKED
- SIPArmyKnife -> CHECKED
- sqlmap -> CHECKED
- Sqlninja -> CHECKED
- sqlsus -> CHECKED
- THC-IPV6 -> CHECKED
- tnscmd10g -> CHECKED
- unix-privesc-check -> CHECKED
- Yersinia -> CHECKED
1.1.3 Web Applications
- apache-users -> CHECKED
- Arachni -> CHECKED
- BBQSQL -> CHECKED
- BlindElephant -> CHECKED
- Burp Suite -> CHECKED
- CutyCapt -> CHECKED
- DAVTest -> CHECKED
- deblaze -> CHECKED
- DIRB -> CHECKED
- DirBuster -> CHECKED
- fimap -> CHECKED
- FunkLoad -> CHECKED
- Gobuster -> CHECKED
- Grabber -> CHECKED
- jboss-autopwn -> CHECKED
- joomscan -> CHECKED
- jSQL -> CHECKED
- Maltego Teeth -> CHECKED
- PadBuster -> CHECKED
- Paros -> CHECKED
- Parsero -> CHECKED
- plecost -> CHECKED
- Powerfuzzer -> CHECKED
- ProxyStrike -> CHECKED
- Recon-ng -> CHECKED
- Skipfish -> CHECKED
- sqlmap -> CHECKED
- Sqlninja -> CHECKED
- sqlsus -> CHECKED
- ua-tester -> CHECKED
- Uniscan -> CHECKED
- Vega -> CHECKED
- w3af -> CHECKED
- WebScarab
- Webshag
- WebSlayer
- WebSploit
- Wfuzz
- WPScan
- XSSer
- zaproxy -> CHECKED
1.1.4 Password Attacks
- acccheck -> CHECKED
- Burp Suite -> CHECKED
- CeWL
- chntpw
- cisco-auditing-tool -> CHECKED
- CmosPwd
- creddump
- crunch
- DBPwAudit -> CHECKED
- findmyhash
- gpp-decrypt
- hash-identifier
- HexorBase -> CHECKED
- THC-Hydra -> CHECKED
- John the Ripper -> CHECKED
- Johnny
- keimpx
- Maltego Teeth -> CHECKED
- Maskprocessor
- multiforcer
- Ncrack
- oclgausscrack
- PACK
- patator
- phrasendrescher
- polenum -> CHECKED
- RainbowCrack
- rcracki-mt
- RSMangler
- SQLdict
- Statsprocessor
- THC-pptp-bruter
- TrueCrack
- WebScarab
- wordlists
- zaproxy -> CHECKED
1.1.5 Wireless Attacks
- Aircrack-ng -> CHECKED
- Asleap
- Bluelog
- BlueMaho
- Bluepot
- BlueRanger
- Bluesnarfer
- Bully
- coWPAtty
- crackle -> CHECKED
- eapmd5pass
- Fern Wifi Cracker
- Ghost Phisher -> CHECKED
- GISKismet
- Gqrx
- gr-scan
- hostapd-wpe
- kalibrate-rtl
- KillerBee
- Kismet
- mdk3
- mfcuk
- mfoc
- mfterm
- Multimon-NG
- PixieWPS
- Reaver
- redfang
- RTLSDR Scanner
- Spooftooph
- Wifi Honey
- Wifitap
- Wifite
1.1.6 Exploitation Tools
- Armitage -> CHECKED
- Backdoor Factory -> CHECKED
- BeEF -> CHECKED
- cisco-auditing-tool -> CHECKED
- cisco-global-exploiter -> CHECKED
- cisco-ocs -> CHECKED
- cisco-torch -> CHECKED
- Commix -> CHECKED
- crackle -> CHECKED
- exploitdb -> CHECKED
- jboss-autopwn -> CHECKED
- Linux Exploit Suggester -> CHECKED
- Maltego Teeth -> CHECKED
- SET -> CHECKED
- ShellNoob -> CHECKED
- sqlmap -> CHECKED
- THC-IPV6 -> CHECKED
- Yersinia -> CHECKED
1.1.7 Sniffing/Spoofing
- Burp Suite -> CHECKED
- Aldebaran
- DNSChef
- Dsniff
- fiked
- hamster-sidejack
- HexInject
- Hunt
- iaxflood
- inviteflood
- IPtraf
- Iris
- iSMTP -> CHECKED
- isr-evilgrade
- Maa Tec Network Analyzer
- mitmproxy
- NetIntercept
- Network Probe
- NGSSniff
- NTop
- ohrwurm -> CHECKED
- pf
- protos-sip
- rebind
- responder
- rtpbreak
- rtpinsertsound
- rtpmixsound
- sctpscan
- SIPArmyKnife -> CHECKED
- SIPp
- SIPVicious
- SMAC
- SniffJoke
- SSLsplit -> CHECKED
- sslstrip -> CHECKED
- THC-IPV6 -> CHECKED
- VoIPHopper
- WebScarab
- Wifi Honey
- Wireshark -> CHECKED
- xspy
- Yersinia -> CHECKED
- zaproxy -> CHECKED
1.1.8 Maintaining Access
- CryptCat -> CHECKED
- Cymothoa -> CHECKED
- dbd -> CHECKED
- dns2tcp -> CHECKED
- http-tunnel -> CHECKED
- HTTPTunnel -> CHECKED
- Intersect -> CHECKED
- Nishang -> CHECKED
- polenum -> CHECKED
- PowerSploit -> CHECKED
- pwnat -> CHECKED
- RidEnum -> CHECKED
- sbd -> CHECKED
- U3-Pwn -> CHECKED
- Webshells -> CHECKED
- Weevely -> CHECKED
- Winexe -> CHECKED
1.1.9 Reverse Engineering
- apktool -> CHECKED
- dex2jar -> CHECKED
- diStorm3 -> CHECKED
- edb-debugger -> CHECKED
- jad -> CHECKED
- javasnoop -> CHECKED
- JD-GUI -> CHECKED
- OllyDbg -> CHECKED
- smali -> CHECKED
- Valgrind -> CHECKED
- YARA -> CHECKED
1.1.10 Hardware Hacking
- android-sdk -> CHECKED
- apktool -> CHECKED
- Arduino -> CHECKED
- dex2jar -> CHECKED
- Sakis3G -> CHECKED
- smali -> CHECKED
1.1.11 Forensics
- Binwalk
- bulk-extractor
- Capstone
- chntpw
- Cuckoo
- dc3dd
- ddrescue
- DFF
- diStorm3
- Dumpzilla
- extundelete
- Foremost
- Galleta
- Guymager
- iPhone Backup Analyzer
- p0f -> CHECKED
- pdf-parser
- pdfid
- pdgmail
- peepdf
- RegRipper
- Volatility
- Xplico -> CHECKED
1.1.12 Reporting Tools
- CaseFile -> CHECKED
- CutyCapt -> CHECKED
- dos2unix -> CHECKED
- Dradis -> CHECKED
- KeepNote -> CHECKED
- MagicTree -> CHECKED
- Metagoofil -> CHECKED
- Nipper-ng -> CHECKED
- pipal -> CHECKED
1.1.13 Uncategorized
- Metasploit -> CHECKED
- Metasploit-Framework -> CHECKED
- Mimikatz -> CHECKED
- Multimac -> CHECKED
- NfSpy -> CHECKED
1.2 Tasks to do
- Check Top 10 Kali Security Tools packages -> DONE
- Check Information Gathering packages -> DONE
- Check Vulnerability Analysis packages -> DONE
- Check Web Applications packages -> IN PROGRESS
- Check Password Attacks packages
- Check Wireless Attacks packages
- Check Exploitation Tools packages -> DONE
- Check Sniffing/Spoofing packages
- Check Maintaining Access packages -> DONE
- Check Reverse Engineering packages -> DONE
- Check Hardware Hacking packages -> DONE
- Check Forensics packages
- Check Reporting Tools packages -> DONE
- Check Uncategorized packages -> DONE
