YouTube

Research Brief

Credibility Score: 5.8/8 ●●●●●●○○ (mixed)
📝 What They Said

Ethical hacking requires understanding network vulnerabilities through specialized tools, and anyone can learn penetration testing fundamentals using free, open-source software available on Kali Linux—but only with proper authorization to avoid legal consequences.

  1. Three categories exist in computing: users (vulnerable to social engineering), programmers (vulnerable to security oversights), and hackers (who exploit vulnerabilities)
  2. Ethical hacking/penetration testing must only be performed with explicit permission, as unauthorized use violates international laws and can result in imprisonment
  3. Kali Linux is a specialized distribution that includes pre-installed ethical hacking tools and can be run via desktop, WSL, or VPS platforms like Hostinger
  4. Nmap is a network mapping tool that scans IP ranges, identifies open ports, detects operating systems, and uses traceroute to find potential security misconfigurations
  5. Wireshark is mentioned as another packet analysis tool for network security assessment (transcript cuts off before full explanation)
🔬 What We Found

Kali Linux is an open-source, Debian-based Linux distribution geared towards various information security tasks, such as Penetration Testing, Security Research, Computer Forensics and Reverse Engineering. It is available in multiple formats including Mobile devices, Containers, ARM, Cloud providers, Windows Subsystem for Linux, Pre-built Virtual Machine, Installer Images, and others. The official website is https://www.kali.org/; it can be run on Windows through WSL or downloaded as ISO images. (The command sudo apt install set -y installs the Social-Engineer Toolkit inside an existing Kali system, not Kali itself; see tool 10 below.)

The video covers 10 tools pre-installed on Kali Linux:

1. Nmap (https://nmap.org/): Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. Nmap was created by Gordon Lyon (also known by his pseudonym Fyodor Vaskovich) and is used to discover hosts and services on a computer network by sending packets and analyzing the responses. Basic usage: nmap -A -T4 scanme.nmap.org for aggressive scan with OS detection.

2. Wireshark (https://www.wireshark.org/): Wireshark is a powerful, open-source network protocol analyzer that allows users to capture and interactively browse the traffic running on a computer network, providing deep inspection of hundreds of protocols. Originally created by Gerald Combs in 1998 and continually built and maintained since then by over 1,000 contributors, Wireshark is a free open source tool that has become an essential resource for diagnosing network issues, detecting security vulnerabilities, and understanding how applications communicate across networks. It uses pcap to capture packets and provides a GUI with three panes showing packet list, details, and raw bytes.

3. Metasploit Framework (https://www.metasploit.com/): The Metasploit Framework is a Ruby-based, modular penetration testing platform that enables you to write, test, and execute exploit code. The Metasploit Framework contains a suite of tools that you can use to test security vulnerabilities, enumerate networks, execute attacks, and evade detection. Metasploit contains over 2,300 exploits and receives weekly updates, making it the most comprehensive penetration testing framework available. The video's EternalBlue example is accurate: This module is a port of the Equation Group ETERNALBLUE exploit, part of the FuzzBunch toolkit released by Shadow Brokers. There is a buffer overflow memmove operation in Srv!SrvOs2FeaToNt. GitHub: https://github.com/rapid7/metasploit-framework

4. Aircrack-ng (https://www.aircrack-ng.org/): Aircrack-ng is a complete suite of tools to assess WiFi network security. Its original goal was to recover the WEP keys of 802.11 wireless networks using an implementation of the Fluhrer, Mantin and Shamir (FMS) attack alongside the ones shared by a hacker named KoreK. Aircrack was forked by Thomas D'Otreppe in February 2006 and released as Aircrack-ng (Aircrack Next Generation). GitHub: https://github.com/aircrack-ng/aircrack-ng. The suite includes airmon-ng (monitor mode), airodump-ng (packet capture), aireplay-ng (packet injection), and aircrack-ng (WEP/WPA cracking).

5. Hashcat (https://hashcat.net/hashcat/): hashcat is the world's fastest and most advanced password recovery utility, supporting five unique modes of attack for over 300 highly-optimized hashing algorithms. Hashcat is a password recovery tool. It had a proprietary code base until 2015, but was then released as open source software. Versions are available for Linux, macOS, and Windows. GitHub: https://github.com/hashcat/hashcat. The video's claim about using rockyou.txt (14 million passwords) is accurate. Basic usage: hashcat -m <hash_type> <hash_file> <wordlist>. The tool supports GPU acceleration and custom rules for password mutations.

6. Skipfish (https://github.com/spinkham/skipfish): skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks. Skipfish is a fully automated, high-speed web application vulnerability scanner developed by Google. Basic usage: skipfish -o <output_dir> <target_url>. It scans for XSS, SQL injection, and other web vulnerabilities.

7. Foremost (https://foremost.sourceforge.net/): Foremost is a forensic data recovery program for Linux that recovers files using their headers, footers, and data structures through a process known as file carving. Although written for law enforcement use, the program and its source code are freely available and can be used as a general data recovery tool. Foremost was originally written by Special Agents Kris Kendall and Jesse Kornblum of the U.S. Air Force Office of Special Investigations. Basic usage: foremost -t <file_types> -i <image_file>. It can recover jpg, gif, png, pdf, zip, and many other file types.

8. SQLmap (https://sqlmap.org/): sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. Full support for six SQL injection techniques: boolean-based blind, time-based blind, error-based, UNION query-based, stacked queries and out-of-band. GitHub: https://github.com/sqlmapproject/sqlmap. Basic usage: sqlmap -u "http://target.com/page?id=1" --dbs to enumerate databases. It supports MySQL, PostgreSQL, MSSQL, Oracle, and many other database systems.

9. Hping3: Hping3 is a packet crafting tool that gives you direct control over individual network packets for security testing and advanced network analysis. Hping3 is an open-source packet generator and analyzer. It is used for crafting and sending custom TCP/IP packets and testing network security. The video's DDoS example is accurate: hping3 --flood -p 80 --rand-source <target_ip> sends SYN flood with randomized source IPs. Hping was created by Salvatore Sanfilippo ("Antirez") in the late 1990s. The original utility focused on TCP packet crafting for tasks like firewall testing and network probing. Sanfilippo developed Hping3 starting in 2004 as a major evolution.

10. Social Engineering Toolkit (https://github.com/trustedsec/social-engineer-toolkit): TrustedSec hosts the Social-Engineer Toolkit (SET) repository, where all new versions of SET are published. The Social Engineer's Toolkit (SET) is an open-source tool created by David Kennedy, which is designed to facilitate social engineering attacks. SET is a powerful toolkit that automates a wide range of social engineering attacks, such as spear phishing, credential harvesting, website cloning, and more. Installation on Kali: sudo apt install set -y or clone from GitHub. Launch with the setoolkit command.

Additional tools mentioned: John the Ripper (https://www.openwall.com/john/) - John the Ripper is free and Open Source software, distributed primarily in source code form. John the Ripper (JtR) is a free, open-source password cracking tool that enables IT professionals to test password strength through offline attacks against cryptographic password hashes. GitHub: https://github.com/openwall/john. It supports dictionary, single crack, and incremental (brute-force) modes.
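File carving as described for Foremost (tool 7 above), shown with an added Python example that is not Foremost's code: JPEGs are recovered by scanning for a header and its matching footer, while PNGs are recovered by walking their chunk structure and checking every chunk CRC, so a truncated or corrupted PNG is rejected instead of carved. The disk image is constructed inline; JPEG and PNG are assumed to be the only file types of interest.

```python
import struct
import zlib
JPEG_HEADER, JPEG_FOOTER = b"\xff\xd8\xff", b"\xff\xd9"
PNG_SIG = b"\x89PNG\r\n\x1a\n"

def png_end(image: bytes, start: int):
    """Walk the PNG chunks after the signature at `start`; return the offset just
    past IEND's CRC, or None if the chunk layout or any chunk CRC is bad."""
    pos = start + len(PNG_SIG)
    while pos + 12 <= len(image):
        length, ctype = struct.unpack(">I4s", image[pos:pos + 8])
        data, crc = image[pos + 8:pos + 8 + length], image[pos + 8 + length:pos + 12 + length]
        if len(data) != length or len(crc) != 4:
            return None  # chunk runs past the end of the image (truncated file)
        if zlib.crc32(ctype + data) & 0xFFFFFFFF != struct.unpack(">I", crc)[0]:
            return None  # corrupted data, or the signature was a false positive
        pos += 12 + length
        if ctype == b"IEND":
            return pos
    return None

def carve(image: bytes, max_jpeg: int = 8 * 1024 * 1024):
    """Return [(type, offset, data)] for every JPEG and PNG found in `image`."""
    found, pos = [], 0
    while (h := image.find(JPEG_HEADER, pos)) >= 0:  # JPEG: header/footer scan
        f = image.find(JPEG_FOOTER, h + 3, h + max_jpeg)
        if f < 0:  # no footer within the size limit: skip this header
            pos = h + 1
            continue
        found.append(("jpg", h, image[h:f + 2]))
        pos = f + 2
    pos = 0
    while (h := image.find(PNG_SIG, pos)) >= 0:  # PNG: chunk-structure walk
        end = png_end(image, h)
        if end is not None:
            found.append(("png", h, image[h:end]))
        pos = end if end is not None else h + 1
    return sorted(found, key=lambda t: t[1])

def png_chunk(ctype: bytes, data: bytes) -> bytes:
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF  # builds a valid chunk for the sample
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)

# Constructed disk image: filler, a minimal JPEG, filler, a valid 1x1 PNG, filler,
# and a truncated PNG (signature only) that a careful carver must NOT recover.
SAMPLE_JPEG = JPEG_HEADER + b"\xe0" + b"\x00" * 20 + JPEG_FOOTER
SAMPLE_PNG = (PNG_SIG + png_chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
              + png_chunk(b"IDAT", zlib.compress(b"\x00\x00")) + png_chunk(b"IEND", b""))
SAMPLE_IMAGE = (b"\x00" * 64 + SAMPLE_JPEG + b"\xab" * 128 + SAMPLE_PNG
                + b"\xcd" * 32 + PNG_SIG + b"\x00" * 16)
```

Running carve(SAMPLE_IMAGE) yields the JPEG at offset 64 and the PNG at offset 218, and nothing for the truncated signature at the end.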

✓ Verified Claims
Kali Linux is a distro optimized for ethical hacking
Nmap can detect operating systems and open ports
Wireshark can inspect packets at a microscopic level
Metasploit can exploit EternalBlue vulnerability on Windows 7
Aircrack can crack WPA protected access keys
Hashcat can crack MD5 hashes in seconds with rockyou.txt
Skipfish recursively crawls websites to find vulnerabilities
Foremost uses file carving to recover deleted files
SQLmap can enumerate databases and dump tables
Hping3 can perform DDoS attacks with --flood and --rand-source
Social Engineering Toolkit can clone websites for phishing
⚠️ All tools are available by default on Kali Linux
→ Suggested Actions
💡 Go Deeper
Comparative analysis of penetration testing certifications (CEH, OSCP, GPEN, eJPT) including cost, difficulty, industry recognition, and which best suits different career goals
Legal and ethical boundaries in cybersecurity: detailed examination of authorization frameworks, responsible disclosure policies, bug bounty program structures, and international variations in computer crime laws
Building a home cybersecurity lab: comprehensive guide to creating isolated testing environments, selecting vulnerable machines for practice, network segmentation techniques, and avoiding accidental exposure to production systems
Career pathways in ethical hacking: exploring roles from junior penetration tester to red team operator, required skills progression, salary expectations, and how organizations structure their offensive security teams
Key Takeaway

Anyone can master penetration testing fundamentals using free, open-source tools on Kali Linux—but only with proper authorization to stay legal.
