Tool Name Tool Category Summary Use Cases

Use cases could be for identifying potential

nmap can be used to get insights targets on a given network.
about a network device, (IP, OS Once a target is selected, nmap can be used
nmap Information Gathering detection, open ports, etc). to identify open ports.
Used by network administrators to sniff
for certain type of network traffic, and to
see who is sending/receiving specific
information. Can also be used by an attacker
Although not exclusive to Kali Linux, to view packets being transmitted over the
wireshark is a packet sniffing tool that network to better understand the network.
wireshark Information Gathering lets users view packets in real time. Both use cases offer opposite motives.

An attacker could install Mimikatz on a target

Mimikatz could be used in order to machine that is running Windows 7 or
view credentials in plaintext. Mimikatz is another Windows operating system. Once
extremely effective against legacy instlaled the attacker could use this tool to
Mimikatz Password Cracking Windows systems. retrive credential information from memory.

Hashcat could be used by an attacker to gain

access to a system. If the attacker knows the
username of an administrator, then he can
Hashcat is a password cracking toold use hashcat to guess and break the password,
Hashcat Password Cracking that can be used to break passwords. thus, gaining access to a system or network.
An attacker could use this tool to try and gain
access to a database server. Also a database
administrator could use this tool to see if he
is able to break into the database. If he is,
sqlmap can automate the exploitation of then he will know he has to fix the security
sqlmap Penetration Testing SQL injection vulnerabilities. issue.
 An IT team could use this tool to simulate a
This tool is used for testing and user phishing attack on end users. Afterwards, the
awareness training. The tool then data could be shown and used for training
provides statistics on the phishing purposes. If many employees fell victim to
campaign's results. the attack, the could be made aware about
King Phisher Phishing Simulation the dangers of phishing.

This tool could be used by a user in order to

analyise any potential vulnerabilities in their
web browser. This is vital because client-side
security is important. This can provide a user
with information to better secure their
BeEF is a tool that can be used to access browser.
BeEF Security Analysis the security of a web browser.
Lynis is an open source tool that can
be used to perform a security audit An example of Lynis could be searching for
on a system. The tests adhere to installed software and checking to see if
Lynis Vulnerability Analysis common security guidelines. there are any issues.

Nessus could be utilized by both an attacker

Nessus can scan remote machines or
and identify vulnerabilities on the a member of the internal IT staff. An attacker
machine. It runs a series of tests to could use it to identify means to attack, while
identify vulnerabile services or areas on an administrator could use it to find areas of
Nessus Vulnerability analysis the machine. weakness in a system to patch.
WPScan could be used to harden a
WordPress site. Alternitively it could be used
A black box WordPress vulnerability by an attacker
scanner. Used to find security issues to discover any vulnerabilities.
WPScan Web Application Analysis with WordPress configs.
 This tool can access WiFi network
security. There is a complete suite This tool can be used to recover keys
of tools to accomplish different tasks. after capturing enough data packets.
Aircrack-ng Wireless Attacks
An attacker could deploy this tool in an area
with existing Wireless networks. Once users
This tool can be used to trick users into attempt to connect to it, believing it to be the
providing their credentials to a wireless real network they will provide their
network. It does this by creating an "evil credentials. From here an attacker could
twin" of a wireless AP, which can fool store their credentials to gain access to the
users into attempting to sign into it. network. They could potentially use these
Fluxion Wireless Attacks credentials to access other systems or
This tool could be used by an attacker who
wants to have an exact copy of a well-known
website. This could help their phishing
httrack is a tool that can be used to attempts to fool users into thinking they are
download and clone an existing website. on a trusted website when in reality they are
It uses a web crawler to downlad the not.
httrack Web Application Analysis website.

This tool can be used by an attacker to

identify vulnerabilities in a website's
This tool is used to test for SQL injection database. If any are identified, this could help
vulnerabilities. the attacker exploit the vulnerability.
SQLiv Vulnerability Analysis

TraceRoute is used to trace the path that An admin could use this tool to troubleshoot
packets take from source to a network issues. If a system is unreachable the
destination. This tool is not exclusive to admin could verify the path that is used to
Kali and is installed on most operating reach the destination, looking for errors along
TraceRoute Diagnostics Tool systems. the way.