Kali Linux is a commonly used distribution for penetration testing, since it includes a vast array of tools preinstalled. However, it does not include everything: some commonly used tools, such as BloodHound, are not installed by default.
Particularly if you find yourself performing security audits without internet access, it’s worth installing the tools listed below in advance.
Kali Repository Tools
The following tools are available in the Kali repositories, but are not installed by default:
Tool | Description |
---|---|
bloodhound | Active Directory security audits |
bloodhound.py | Bloodhound Python Ingester |
krb5-user | To work with Kerberos tickets |
ipcalc | Performs subnetting calculations |
dbeaver | Database client that interfaces with multiple types of database, including Oracle |
rlwrap | Adds flow control to reverse shells |
covenant-kbx | A C# C2 framework |
seclists | A collection of useful wordlists |
peass | Privilege escalation tool |
eyewitness | Scans address ranges for web servers and takes a screenshot |
ufw | An iptables firewall interface |
nishang | PowerShell penetration testing scripts |
veil | Anti-Virus evasion framework |
remmina | GUI Remote Desktop Client |
code-oss | Visual Studio Code IDE |
chisel | For network traffic tunnelling |
hcxdumptool | Required by the wifite wireless penetration-testing tool |
golang-go | The Go programming language |
ghidra | Reverse engineering tool |
gdb-peda | Exploit development assistance for GDB |
payloadsallthethings | A useful collection of payloads for web application testing |
raven | A lightweight web based file transfer tool |
The following command will install these tools:
```bash
sudo apt install bloodhound bloodhound.py krb5-user ipcalc dbeaver rlwrap covenant-kbx seclists peass eyewitness ufw nishang veil remmina code-oss chisel hcxdumptool golang-go ghidra gdb-peda payloadsallthethings raven
```
Other Tools
The tools below are very useful, but were not available in the Kali repositories at the time of writing.
Tool | Description |
---|---|
Coercer | To perform coerced authentication attacks |
MITM6 | To perform IPv6 MITM attacks |
Bloodhound Custom Queries | A query pack for Bloodhound to identify additional attack paths |
static-binaries | Static binaries for use on remote systems |
sysinternalsuite | Microsoft Sysinternals tools (including PsExec, ADExplorer, etc.) |
nmap | Windows version of Nmap for use on remote systems |
NimScan | A fast, portable port scanner written in Nim |
pspy | Monitor Linux processes |
GodPotato | SeImpersonate privilege escalation tool |
Scarecrow | Anti-Virus evasion framework |
Hacktricks | A collection of pentesting notes |
NMap2MD | A tool to convert Nmap XML files to markdown format |
These tools can be installed using the following commands:
```bash
# Working directory for tools that are not packaged in Kali
mkdir -p /home/kali/Tools/
cd /home/kali/Tools/
git clone https://github.com/vdjagilev/nmap2md
git clone https://github.com/p0dalirius/Coercer
git clone https://github.com/dirkjanm/mitm6
# Use the raw URL: the github.com/.../blob/... URL returns the HTML page, not the JSON file
wget https://raw.githubusercontent.com/ly4k/Certipy/main/customqueries.json
git clone https://github.com/optiv/ScareCrow
cd /home/kali/Tools/ScareCrow
go build ScareCrow.go
# Privilege escalation tools, with symlinks to the copies Kali already ships
mkdir -p /home/kali/Tools/PrivEsc
cd /home/kali/Tools/PrivEsc
ln -s /usr/share/peass/ /home/kali/Tools/PrivEsc/peass
ln -s /usr/share/windows-resources/powersploit /home/kali/Tools/PrivEsc/PowerSploit
ln -s /usr/share/windows-resources/mimikatz /home/kali/Tools/PrivEsc/Mimikatz
git clone https://github.com/andrew-d/static-binaries
# Windows binaries to carry to remote systems
wget https://download.sysinternals.com/files/SysinternalsSuite.zip
wget https://nmap.org/dist/nmap-7.92-setup.exe
wget https://github.com/elddy/NimScan/releases/download/1.0.8/NimScan.exe
wget https://github.com/DominicBreuker/pspy/releases/download/v1.2.0/pspy64
wget https://github.com/DominicBreuker/pspy/releases/download/v1.2.0/pspy32
wget https://github.com/BeichenDream/GodPotato/releases/download/V1.20/GodPotato-NET4.exe
git clone https://github.com/carlospolop/hacktricks
```
Cloud Audit Tools
Kali Repository Tools
Tool | Description |
---|---|
trivy | A cloud security scanner |
kubernetes-client | For interacting with kubernetes clusters |
These tools can be installed with:
```bash
sudo apt install trivy kubernetes-client
```
Other Cloud Tools
Scoutsuite
Scout Suite is an open source multi-cloud security-auditing tool, which enables security posture assessment of cloud environments.
```bash
cd /home/kali/Tools/
git clone https://github.com/nccgroup/ScoutSuite
cd ScoutSuite
# Install into an isolated virtualenv so its pinned dependencies do not clash with Kali's Python packages
virtualenv -p python3 venv
source venv/bin/activate
pip install -r requirements.txt
python scout.py --help
```
Tools that Require Compiling
These tools will need to be compiled with Visual Studio:
https://github.com/GhostPack/Rubeus
https://github.com/GhostPack/Certify
https://github.com/GhostPack/SharpUp
Wordlists
Kali does include rockyou.txt by default, but the more the better 🙂
Name | Size | Download | Notes |
---|---|---|---|
Crackstation | 15 GB | https://crackstation.net/ | Combination of wordlists, including non-English words |
Rocktastic | 13 GB | https://labs.nettitude.com/blog/rocktastic/ | Nettitude’s permutations of the infamous rockyou wordlist |
RockYou2021 | 100 GB | https://github.com/ohmybahgosh/RockYou2021.txt | The largest collection of compromised passwords, including 8.4 billion entries |
SecLists | 807 MB | https://github.com/danielmiessler/SecLists/tree/master/Passwords | Includes a large number of default passwords |
Weakpass 2P | 9.4 GB | https://weakpass.com/download | A password list compliant with the default Windows password policy |
English Words | 4.1 MB | https://github.com/dwyl/english-words | For use with rule attacks |
Commercial Tools
If you have licenses for the following tools, it’s worth installing them at the same time.
Miscellaneous Tweaks
To fix the Vim text editor's mouse behaviour, add the following to /home/kali/.vimrc:
```vim
set mouse-=a
syntax on
```
In Conclusion
I would recommend trying to run the tools at least once after installing them to make sure everything is working correctly. Since inevitably something will break, I would also recommend preparing a secondary distribution, such as Parrot OS.
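As an added example (not part of the original post), the following POSIX shell script checks that the toolkit assembled above is actually complete before the machine goes offline: it compares the apt packages, binaries and downloaded artifacts against the lists in this post. The package names and paths are taken from the post; the expected binary names and the TOOLS_DIR default are assumptions.

```bash
#!/bin/sh
# Offline-readiness check for the toolkit built in this post (added example).
# TOOLS_DIR defaults to the post's /home/kali/Tools; override via the environment.
TOOLS_DIR="${TOOLS_DIR:-/home/kali/Tools}"

# apt packages from the two "sudo apt install" lines in the post
APT_PKGS="bloodhound bloodhound.py krb5-user ipcalc dbeaver rlwrap covenant-kbx
seclists peass eyewitness ufw nishang veil remmina code-oss chisel hcxdumptool
golang-go ghidra gdb-peda payloadsallthethings raven trivy kubernetes-client"

# Binaries those packages are expected to put on PATH (assumed names)
BINARIES="bloodhound-python ipcalc rlwrap remmina chisel go ghidra trivy kubectl"

# Clones, downloads and build outputs relative to TOOLS_DIR, as laid out in the post
ARTIFACTS="nmap2md Coercer mitm6 customqueries.json ScareCrow/ScareCrow
PrivEsc/static-binaries PrivEsc/SysinternalsSuite.zip PrivEsc/nmap-7.92-setup.exe
PrivEsc/NimScan.exe PrivEsc/pspy64 PrivEsc/pspy32 PrivEsc/GodPotato-NET4.exe
PrivEsc/hacktricks ScoutSuite/venv"

# Print each name in $@ that dpkg does not report as installed.
missing_packages() {
  for p in "$@"; do
    dpkg-query -W -f='${Status}' "$p" 2>/dev/null | grep -q 'install ok installed' || echo "$p"
  done
}

# Print each name in $@ that is not an executable on PATH.
missing_binaries() {
  for b in "$@"; do
    command -v "$b" >/dev/null 2>&1 || echo "$b"
  done
}

# Print each path in $@ (relative to the base directory $1) that does not exist.
missing_paths() {
  base="$1"; shift
  for f in "$@"; do
    [ -e "$base/$f" ] || echo "$f"
  done
}

main() {
  echo "== missing apt packages =="; missing_packages $APT_PKGS
  echo "== missing binaries =="; missing_binaries $BINARIES
  echo "== missing artifacts under $TOOLS_DIR =="; missing_paths "$TOOLS_DIR" $ARTIFACTS
}

if [ "${1:-}" = "--check" ]; then main; fi
```

Run it with `sh check-toolkit.sh --check`; anything it lists is something you will not have once you are off the network.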