TL;DR: Kali Linux includes powerful tools for scanning networks, analyzing traffic, testing web applications, auditing passwords, and researching exploits. This article covers 18 widely used Kali Linux tools, what each one does, and the basic steps for using them. It also explains how to install or update tools and why authorized use matters.

Kali Linux is one of the most widely used operating systems for cybersecurity learning and security testing because it brings many specialized tools into one environment. These tools support a wide range of tasks, including network scanning, traffic analysis, web application testing, wireless auditing, password assessment, exploit research, and social engineering simulations. For beginners, the main challenge is often not access to tools, but understanding which tools to start with and what role each one plays.

This article introduces 18 important Kali Linux tools and explains what they do, how they are commonly used, and where they fit in a cybersecurity workflow. You will also learn the basic steps for running each tool in Kali Linux, how to install or update tools using APT, and why these tools should be used only in legal, authorized environments.

Kali Linux Tools for Network Scanning and Recon

1. Nmap (Beginner)

Nmap, short for Network Mapper, is one of the most widely used open-source tools in Kali for network discovery and security auditing.

What Nmap Can Do

  • Detect active devices connected to a network
  • Scan ports to determine which services are reachable

How to Use Nmap in Kali Linux

Step 1: Open the terminal in Kali Linux

Step 2: Run a host discovery scan to see which systems are active on the network

nmap -sn 192.168.1.0/24

Step 3: Scan a specific system to identify open ports

nmap 192.168.1.10

Step 4: Detect services and their versions running on open ports

nmap -sV 192.168.1.10

Step 5: Attempt to detect the operating system

nmap -O 192.168.1.10
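
To make the scans above a repeatable exposure check, the following added example (not from the original article) parses Nmap's grepable output, which `nmap -sV -oG - 192.168.1.10` writes to standard output, and lists open ports missing from an approved baseline. The sample scan lines, the baseline entries and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare Nmap results with an approved-ports baseline.
# Real input would come from:  nmap -sV -oG - 192.168.1.10
# Grepable output has tab-separated fields; each entry in the "Ports:"
# field reads port/state/protocol/owner/service/rpcinfo/version/.

# Constructed sample of grepable output, so the script runs offline.
sample_scan() {
  printf '# Nmap scan initiated (constructed sample)\n'
  printf 'Host: 192.168.1.10 ()\tStatus: Up\n'
  printf 'Host: 192.168.1.10 ()\tPorts: %s\tIgnored State: closed (996)\n' \
    '22/open/tcp//ssh//OpenSSH 8.9p1/, 80/open/tcp//http//nginx 1.18.0/, 3306/open/tcp//mysql//MySQL 8.0.32/, 8443/filtered/tcp//https-alt///'
}

# Print "ip port/proto service" for every port reported as open.
open_ports() {
  awk -F'\t' '
    /^Host: / {
      split($1, h, " "); ip = h[2]
      for (i = 2; i <= NF; i++) {
        if ($i !~ /^Ports: /) continue
        n = split(substr($i, 8), entry, ", ")
        for (j = 1; j <= n; j++) {
          split(entry[j], f, "/")
          if (f[2] == "open") print ip, f[1] "/" f[3], f[5]
        }
      }
    }'
}

# Print open ports that are missing from the baseline file given as $1.
# Baseline format: one "ip port/proto" per line; "#" starts a comment.
unexpected_ports() {
  open_ports | awk -v base="$1" '
    BEGIN {
      while ((getline line < base) > 0)
        if (line != "" && line !~ /^#/) allowed[line] = 1
    }
    { key = $1 " " $2; if (!(key in allowed)) print }'
}

# Demo with a constructed baseline that approves only SSH and HTTP.
baseline=$(mktemp)
printf '# approved services\n192.168.1.10 22/tcp\n192.168.1.10 80/tcp\n' > "$baseline"
sample_scan | unexpected_ports "$baseline"
rm -f "$baseline"
```

Run it after each scan and treat every printed line as a service that needs either an owner and a baseline entry or a firewall rule.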

2. Netcat (Beginner)

Netcat is a lightweight networking utility that reads and writes data across TCP or UDP connections.

What Netcat Can Do

  • Test whether a specific port on a system is reachable
  • Transfer files between two machines through a direct connection

How to Use Netcat in Kali Linux

Step 1: Open the terminal

Step 2: Check whether a port is open on a target system

nc -zv 192.168.1.10 80

Step 3: Start a listener that waits for an incoming connection

nc -lvp 4444

Step 4: Connect to a remote system that is listening on a port

nc 192.168.1.10 4444

Step 5: Transfer a file between two systems

Sender:

nc 192.168.1.10 1234 < file.txt

Receiver (start the listener before running the sender):

nc -l -p 1234 > received.txt

3. Maltego (Advanced)

Maltego is an open-source intelligence (OSINT) and link-analysis tool used to collect and analyse information from publicly available sources. 

What Maltego Can Do

  • Discover related domains, IP addresses, and infrastructure linked to a target
  • Find publicly available email addresses and social profiles associated with a domain

How to Use Maltego in Kali Linux

Step 1: Launch Maltego from the Kali Linux applications menu

Step 2: Create a new investigation graph

Step 3: Add an entity such as a domain name, email address, or company

Step 4: Run transforms, which are automated queries that collect related data from available sources

Step 5: Analyse the resulting graph to identify relationships between entities

Kali Linux Tools for Traffic Capture and Analysis

4. Wireshark (Beginner)

Wireshark is a widely used network protocol analyzer that captures and displays data packets as they move across a network.

What Wireshark Can Do

  • Capture live network traffic from a selected interface
  • Display detailed packet information across multiple network layers

How to Use Wireshark in Kali Linux

Step 1: Open Wireshark from the applications menu in Kali Linux

Step 2: Select the network interface you want to monitor, such as Ethernet or Wi-Fi

Step 3: Click Start Capture to begin collecting network packets

Step 4: Observe packets appearing in the capture window as network activity occurs

Step 5: Use the display filter bar to narrow the traffic. For example, to view HTTP traffic: http

Step 6: Click any packet to view its details, including headers and payload

Step 7: Save the capture file, if needed, by exporting it as a PCAP file for later analysis

Kali Linux Tools for Web Application Security Testing

5. Burp Suite (Beginner)

Burp Suite is a widely used platform for testing the security of web applications and works as an intercepting proxy between a browser and a website.

What Burp Suite Can Do

  • Intercept web traffic between the browser and the application
  • Modify request parameters before they reach the server

How to Use Burp Suite in Kali Linux

Step 1: Open Burp Suite from the Kali Linux applications menu

Step 2: Launch the built-in browser or configure your normal browser to route traffic through Burp’s proxy (usually 127.0.0.1:8080)

Step 3: Visit a website using the browser while Burp’s Intercept feature is active

Step 4: Observe the captured request inside the Proxy tab

Step 5: Send a request to Repeater to modify parameters, then resend it to the server for testing

6. OWASP ZAP (Beginner)

OWASP ZAP, also known as Zed Attack Proxy, is an open-source tool used to find security weaknesses in web applications.

What OWASP ZAP Can Do

  • Capture and inspect HTTP and HTTPS traffic
  • Automatically crawl a website to identify its pages and endpoints

How to Use OWASP ZAP in Kali Linux

Step 1: Launch OWASP ZAP from the Kali Linux tools menu

Step 2: Configure the browser to route traffic through ZAP’s proxy

Step 3: Browse the target website normally so that ZAP can record requests

Step 4: Use the Spider feature to discover pages in the application automatically

Step 5: Run an Active Scan to check the application for known security vulnerabilities

7. Nikto (Intermediate)

Nikto is an open-source scanner designed to examine web servers for security issues. Instead of testing the behaviour of a web application, it focuses on the server environment that hosts the application.

What Nikto Can Do

  • Detect outdated or insecure server software versions
  • Identify dangerous or exposed files on a web server

How to Use Nikto in Kali Linux

Step 1: Open the terminal in Kali Linux

Step 2: Run a scan against a web server by specifying the target host

nikto -h http://example.com 

Step 3: Wait while Nikto checks the server for known issues

Step 4: Review the output to identify configuration weaknesses or exposed resources

Step 5: Use the findings to further investigate server security

8. SQLmap (Advanced)

SQLmap is an open-source penetration testing tool that helps detect and exploit SQL injection vulnerabilities in web applications. 

What SQLmap Can Do

  • Detect SQL injection vulnerabilities in web applications
  • Identify the type of database used by the target system

How to Use SQLmap in Kali Linux

Step 1: Open the terminal

Step 2: Provide the target URL that contains a parameter for testing

sqlmap -u "http://example.com/page?id=1"

Step 3: Allow SQLmap to test the parameter for possible injection points

Step 4: Use enumeration options if a vulnerability is detected

Example command to list databases:

sqlmap -u "http://example.com/page?id=1" --dbs

Step 5: Review the output to understand how the application interacts with its database.

9. Gobuster (Intermediate)

Gobuster is a command-line tool used to discover hidden resources on web servers. It works by sending requests based on a wordlist and checking whether the server responds to those paths.

What Gobuster Can Do

  • Identify hidden directories or files on a website
  • Discover subdomains related to a domain

How to Use Gobuster in Kali Linux

Step 1: Open the terminal in Kali Linux

Step 2: Run a directory scan using a wordlist

gobuster dir -u http://example.com -w /usr/share/wordlists/dirb/common.txt

Step 3: Wait while Gobuster sends requests for each wordlist entry

Step 4: Review the results to identify directories or files that return valid responses

Step 5: Investigate the discovered paths further during security testing

Kali Linux Tools for Wireless Testing

10. Aircrack-ng (Advanced)

Aircrack-ng is a well-known suite of tools used to assess the security of Wi-Fi networks. It includes several utilities that capture wireless traffic, analyse packets, and test the strength of wireless authentication.

What Aircrack-ng Can Do

  • Enable monitor mode on a wireless adapter to observe nearby traffic
  • Capture wireless packets and identify access points and connected devices

How to Use Aircrack-ng in Kali Linux

Step 1: Open the terminal

Step 2: Enable monitor mode on the wireless adapter

sudo airmon-ng start wlan0

Step 3: Scan nearby Wi-Fi networks and identify the target network

sudo airodump-ng wlan0mon

Step 4: Capture traffic from the selected access point

sudo airodump-ng -c [channel] --bssid [BSSID] -w capture wlan0mon

Step 5: Run a dictionary attack on the captured handshake file

sudo aircrack-ng -w /usr/share/wordlists/rockyou.txt -b [BSSID] capture-01.cap

Kali Linux Tools for Password Auditing and Credential Testing

11. John the Ripper (Intermediate)

John the Ripper is a password auditing and recovery tool used to test the strength of stored password hashes.

What John the Ripper Can Do

  • Detect many common password hash formats automatically
  • Attempt password recovery using dictionary-based attacks

How to Use John the Ripper in Kali Linux

Step 1: Open the terminal

Step 2: Provide a file that contains password hashes

john hashes.txt

Step 3: Run a dictionary attack using a wordlist

john --wordlist=/usr/share/wordlists/rockyou.txt hashes.txt

Step 4: View the cracked passwords.

john --show hashes.txt

12. Hashcat (Advanced)

Hashcat is a high-performance password recovery tool designed to test password hashes at very high speeds.

What Hashcat Can Do

  • Use GPUs to accelerate password-recovery operations
  • Support hundreds of hash types such as MD5, SHA-1, WPA2, and bcrypt

How to Use Hashcat in Kali Linux

Step 1: Open the terminal

Step 2: Identify the hash type you want to test

Step 3: Run a dictionary attack against the hash file

hashcat -m 0 -a 0 hashes.txt /usr/share/wordlists/rockyou.txt

Step 4: Monitor progress while Hashcat tests possible password combinations

Step 5: Display recovered passwords

hashcat -m 0 hashes.txt --show
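
From the defender's side, the hash files used in the John the Ripper and Hashcat steps also show which accounts are stored under schemes that dictionary runs get through fastest. This added example (not part of the original article) classifies shadow-style lines by their standard crypt prefix and lists the accounts that should be rehashed; the sample lines, placeholder hash bodies and function names are constructed.

```shell
#!/bin/sh
# Added example: list accounts whose stored hash uses a scheme that is
# cheap to test offline. Input is shadow-style "user:hash:..." lines.

# Constructed sample; the hash bodies are placeholders, not real hashes.
sample_hashes() {
  cat <<'EOF'
alice:$6$c0nstructedsalt$PLACEHOLDERsha512crypt:19700:0:99999:7:::
bob:$1$c0nstruc$PLACEHOLDERmd5crypt:19700:0:99999:7:::
carol:$y$j9T$c0nstructedsalt$PLACEHOLDERyescrypt:19700:0:99999:7:::
dave:0123456789abcdef0123456789abcdef:19700:0:99999:7:::
erin:XXplaceholder:19700:0:99999:7:::
svc:!:19700:0:99999:7:::
frank:$2b$12$PLACEHOLDERbcryptPLACEHOLDERbcrypt:19700:0:99999:7:::
EOF
}

# Print "user scheme verdict" for every account that has a usable hash.
# raw-32hex has the shape of the unsalted MD5 that hashcat -m 0 targets.
hash_scheme_report() {
  awk -F: '
    $2 == "" || $2 ~ /^[!*]/ { next }   # empty or locked: nothing to test
    {
      h = $2
      if      (h ~ /^\$1\$/)        s = "md5crypt weak"
      else if (h ~ /^\$2[abxy]\$/)  s = "bcrypt ok"
      else if (h ~ /^\$5\$/)        s = "sha256crypt ok"
      else if (h ~ /^\$6\$/)        s = "sha512crypt ok"
      else if (h ~ /^\$y\$/)        s = "yescrypt ok"
      else if (length(h) == 32 && h ~ /^[0-9a-fA-F]+$/) s = "raw-32hex weak"
      else if (length(h) == 13 && h !~ /^\$/)           s = "descrypt weak"
      else                          s = "unknown review"
      print $1, s
    }'
}

# Keep only the accounts that need a password reset and a rehash.
weak_hash_accounts() {
  hash_scheme_report | awk '$3 == "weak" { print $1, $2 }'
}

sample_hashes | weak_hash_accounts
```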

13. Hydra (Advanced)

Hydra is a network login cracking tool used to test the strength of authentication systems.

What Hydra Can Do

  • Attempt authentication against services such as SSH, FTP, HTTP, and SMB
  • Test single or multiple usernames with password lists

How to Use Hydra in Kali Linux

Step 1: Open the terminal

Step 2: Run a password attack against an SSH login service

hydra -l root -P pass.txt 192.168.1.10 ssh

Step 3: Monitor the output while Hydra tests each password in the list

Step 4: If valid credentials are discovered, Hydra displays them in the results

Step 5: Investigate whether the system needs stronger authentication controls
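
Each password tried against SSH in the steps above leaves a "Failed password" line in the target's sshd log, so the same test can be used to validate detection. This added example (not part of the original article) counts failures per source address and marks sources where a successful login followed the failures; the log lines, host name, addresses and function names are constructed.

```shell
#!/bin/sh
# Added example: find SSH password-guessing sources in sshd log lines.
# On Debian-based systems these lines are typically in /var/log/auth.log
# or available through journalctl; that location is an assumption.

# Constructed sample log, so the script runs offline.
sample_auth_log() {
  n=1
  while [ "$n" -le 6 ]; do
    echo "Mar 10 09:14:0$n web01 sshd[220$n]: Failed password for root from 192.168.1.50 port 5112$n ssh2"
    n=$((n + 1))
  done
  echo "Mar 10 09:14:09 web01 sshd[2209]: Accepted password for root from 192.168.1.50 port 51130 ssh2"
  echo "Mar 10 09:20:41 web01 sshd[2301]: Failed password for deploy from 192.168.1.20 port 40022 ssh2"
  echo "Mar 10 09:20:52 web01 sshd[2303]: Accepted password for deploy from 192.168.1.20 port 40024 ssh2"
  n=1
  while [ "$n" -le 5 ]; do
    echo "Mar 10 10:02:1$n web01 sshd[240$n]: Failed password for invalid user admin from 192.168.1.77 port 4400$n ssh2"
    n=$((n + 1))
  done
}

# Print "ip failures verdict" for every source with at least $1 failed
# password attempts. The source address is the 4th field from the end
# ("... from IP port N ssh2"), which holds whatever the user name is.
ssh_guessing_sources() {
  awk -v min="$1" '
    / sshd\[[0-9]+\]: Failed password for /   { fails[$(NF - 3)]++ }
    / sshd\[[0-9]+\]: Accepted password for / {
      ip = $(NF - 3)
      # A success after many failures may mean a guess worked.
      if ((ip in fails) && fails[ip] >= min) hit[ip] = 1
    }
    END {
      for (ip in fails)
        if (fails[ip] >= min)
          print ip, fails[ip], ((ip in hit) ? "LOGIN_AFTER_FAILURES" : "failures_only")
    }' | sort
}

# Threshold of 5 ignores the single mistyped password from 192.168.1.20.
sample_auth_log | ssh_guessing_sources 5
```

Counts cover the whole input, so pass a time-bounded slice of the log. A source marked LOGIN_AFTER_FAILURES is the case to escalate first, since the account involved should have its password reset and move to key-based authentication.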

Kali Linux Tools for Exploitation and Social Engineering

14. Metasploit Framework (Advanced)

Among the penetration testing tools in Kali Linux, Metasploit Framework is used to identify and exploit security weaknesses in systems.

What Metasploit Can Do

  • Run exploit modules that target known software vulnerabilities
  • Deliver payloads that execute commands on compromised systems

How to Use Metasploit in Kali Linux

Step 1: Open the terminal

Step 2: Launch the Metasploit console

msfconsole

Step 3: Search for an exploit targeting the software

search [software_name]

Step 4: Select an exploit module

use exploit/example_module

Step 5: Configure the required parameters and run the exploit

exploit

15. BeEF (Advanced)

BeEF, short for Browser Exploitation Framework, is a security tool designed to demonstrate risks associated with web browsers. It focuses on client-side attack techniques that target browser behaviour rather than server vulnerabilities.

What BeEF Can Do

  • Establish a connection with a browser that loads a testing script
  • Execute commands inside the connected browser session

How to Use BeEF in Kali Linux

Step 1: Open the terminal

Step 2: Start the BeEF framework

beef-xss

Step 3: Log in to the BeEF web interface shown in the terminal output

Step 4: Deliver the provided hook script to a test browser environment

Step 5: Manage connected browsers and run controlled test modules

16. Social Engineering Toolkit (Intermediate)

The Social Engineering Toolkit, often called SET, is an open-source framework designed to simulate social engineering attacks during security testing.

What the Social Engineering Toolkit Can Do

  • Create phishing email campaigns for testing awareness
  • Generate cloned websites that simulate login pages

How to Use SET in Kali Linux

Step 1: Open the terminal

Step 2: Launch the toolkit

setoolkit

Step 3: Choose the social engineering attack type from the menu

Step 4: Select a specific module, such as a website cloning test

Step 5: Follow the guided prompts to configure the testing scenario

17. SearchSploit (Beginner)

SearchSploit is a command-line tool that provides offline access to the Exploit-DB database. 

What SearchSploit Can Do

  • Search the local Exploit-DB archive without internet access
  • Find known exploits linked to specific software or versions

How to Use SearchSploit in Kali Linux

Step 1: Open the terminal

Step 2: Search for exploits related to a specific program

searchsploit apache

Step 3: Review the results to find relevant vulnerabilities

Step 4: Copy an exploit to your working directory

searchsploit -m exploit_path

Step 5: Examine the exploit code to understand how the vulnerability works

18. Exploit-DB (Beginner)

Exploit-DB is the online exploit archive that SearchSploit relies on. Maintained by Offensive Security, it is a public database of exploits, proof-of-concept (PoC) code, and security references used by researchers and ethical hackers.

What Exploit-DB Can Do

  • Find publicly archived exploits for different platforms, software, and versions
  • Access proof-of-concept code and the Google Hacking Database (GHDB) for research

How to Use Exploit-DB

Step 1: Open a web browser in Kali Linux or any other system

Step 2: Visit the Exploit-DB website

Step 3: Use the search bar to look up a software name, product version, or vulnerability type

Step 4: Review the matching exploit entries and open a result to examine the available details

Step 5: Download or study the proof-of-concept code only in authorized lab or testing environments

Did You Know? Kali Linux is a Debian-based distribution that comes preinstalled with over 600 security tools for penetration testing and digital forensics. (Source: European Union)

How to Install and Update Kali Linux Tools?

With the main Kali Linux tools covered, here are the steps to install and update them:

Step 1: Open the Terminal

Most updates and installations in Kali Linux are done through the terminal.

Step 2: Update the Package List

Run the following command to refresh the list of available packages from the repositories.

sudo apt update

Step 3: Upgrade Installed Tools

After updating the package list, upgrade the installed packages and tools.

sudo apt full-upgrade -y

Step 4: Install a Specific Tool

If a tool is not already installed, it can be added using the install command.

sudo apt install tool_name

For example, to install Nmap:

sudo apt install nmap

Step 5: Install a Group of Kali Tools (Optional)

Kali Linux also provides metapackages, which install multiple tools at once. For example, the following command installs a common set of Kali pentesting tools:

sudo apt install kali-linux-default

Sometimes a tool might not appear after installation, or a command might not be recognized. This usually happens if the package list is outdated or the tool isn’t included in your Kali version. Running sudo apt update and reinstalling with sudo apt install tool_name usually fixes it.

Are Kali Linux Tools Legal for Personal Use?

Kali Linux tools are legal to download and use for personal learning, cybersecurity training, and research. The operating system includes many security and digital forensics tools that help users analyse systems, study network behaviour, and understand how security incidents are investigated.

Conclusion

Kali Linux puts a wide range of cybersecurity tools in the hands of learners and professionals, including network scanning, traffic analysis, web application testing, wireless auditing, password assessment, and exploit research. When you understand what each tool is designed to do and the situations in which to use it, Kali Linux becomes much easier to work with and far more valuable as a hands-on learning platform.

To go beyond simply recognizing tools and start building practical, job-ready skills, consider Simplilearn’s Cyber Security Expert Master’s Program. A structured learning path can strengthen your core knowledge, provide guided practice, and show you how these tools are applied in real-world cybersecurity careers. Be sure to use Kali Linux tools only in authorized environments for education, testing, or legitimate professional security work.

Key Takeaways

  • Kali Linux includes tools for reconnaissance, traffic analysis, web security testing, wireless auditing, password testing, exploitation, and OSINT
  • Beginner-friendly tools such as Nmap, Netcat, Wireshark, Burp Suite, and SearchSploit help build a strong foundation in security testing
  • More advanced tools such as SQLmap, Aircrack-ng, Hashcat, Hydra, Metasploit, and BeEF are commonly used in deeper security assessments
  • SearchSploit is an offline exploit search tool, while Exploit-DB provides an online archive of exploits and proof-of-concept resources
  • Most Kali Linux tools can be installed or updated easily with APT commands such as sudo apt update, sudo apt full-upgrade -y, and sudo apt install tool_name
  • These tools are legal for learning, research, and professional security work only when used on systems you own or have permission to test

FAQs

1. What are 5 Linux commands?

Five Linux commands most beginners start with are ls, cd, pwd, mkdir, and cp. These help you view files, move between folders, check your current directory, create new folders, and copy files. If you plan to use Kali Linux tools in the terminal, knowing these basics makes everything easier.

2. Kali tools vs Parrot OS tools: what’s the difference?

Kali Linux and Parrot OS both come with tools for cybersecurity and penetration testing, so they overlap in many areas. The main difference is in how they are packaged and positioned. Kali Linux is better known for professional penetration testing, while Parrot OS also focuses on privacy, lightweight system use, and secure everyday computing. In real use, many of the core tools are the same, but the overall experience can feel different.

3. How do I set up Kali for penetration testing: on a VM, dual-boot, or in the cloud?

That depends on how you want to use Kali Linux. For most beginners, running Kali in a virtual machine is the easiest and safest option because it does not affect the main operating system. Dual-booting can offer better performance and more direct hardware access, while cloud-based setups work well for remote labs and flexible testing environments. If you are just getting started, a VM is usually the best place to begin.

4. How long does it take to learn the core Kali tools for entry-level pentesting?

There is no fixed timeline, because it depends on your current skills and how often you practice. If you already understand basic Linux and networking, you can start getting comfortable with tools like Nmap, Wireshark, Burp Suite, and Metasploit within a few months. But learning the tools is only one part of the process. To prepare for entry-level pentesting, you also need hands-on lab work, problem-solving practice, and a solid understanding of how real security testing works.
